The Department of Defense introduced the final version of the Cybersecurity Maturity Model Certification program in late January and Maurice Uenuma, vice president of federal at Tripwire, said CMMC is a key step to securing DoD's supply chain, Signal Magazine reported Sunday.
“Perhaps the greatest benefit, at least at the outset, is that it clearly communicates the seriousness with which DOD intends to address weaknesses in supply chain cybersecurity, and its intention to leverage its vast regulatory and market powers to drive compliance,” Uenuma said of CMMC. “There is also the benefit of integrating and rationalizing several different standards “¦ into a single framework. If this effort is ultimately successful, the lessons learned and market impact could reach far beyond the defense industrial base.”
The CMMC program, which aims to ensure that companies comply with DoD's cybersecurity standards, is scheduled to take effect later this year and experts including Uenuma believe the Pentagon sets an aggressive timeline for the cyber framework's implementation.
Uenuma noted that DoD should first conduct a pilot program to address potential issues associated with CMMC implementation. “The devil's in the details. The specific metrics and measures will be very important,” he said. “Striking the right balance will be key, so a pilot program or focusing on a narrower set of initial suppliers or a subsegment may be the way to go.”
Katie Arrington, chief information security officer at the Office of the Assistant Secretary of Defense for Acquisition and a 2020 Wash100 Award recipient, will serve as a keynote speaker at the CMMC Forum 2020. She will address the CMMC's timeline, how the certification process could change and will provide a memorandum of understanding with a newly established CMMC accrediting body.
A full expert panel will include Ty Schieber, senior director of executive education and CMMC-AB chairman of the University of Virginia and Richard Naylor of the Defense Counterintelligence and Security Agency (DCSA) among other members of the federal sector and industry.
Register here to join Potomac Officers Club for its CMMC Forum 2020 on April 2nd to learn about the impact DoD's CMMC will have on cybersecurity practices, supply chain security and other aspects of the federal market.