Jerry McGinn, executive director of the Center for Government Contracting at George Mason University’s School of Business and GovCon Expert for Executive Mosaic, has presented his key takeaways from a presentation by Katie Arrington, chief information security officer at the Department of Defense and a 2020 Wash100 award winner, about DoD’s Cybersecurity Maturity Model Certification.
CMMC establishes cyber practices and processes that seek to protect the defense industrial base and supply chain from cyber threats and has five levels ranging from basic cyber hygiene to highly advanced practices.
McGinn noted that CMMC applies not only to DoD but also to companies and individuals. “Cybersecurity is imperative for all individuals and companies, regardless of whether you are doing business with DoD,” he added.
He said he expects interagency partners and international allies to advance the adoption of CMMC, which will be subject to a phased implementation.
McGinn said initial provisions of the new cyber framework will manifest in selected contracts later this year and the Pentagon aims to have all contracts integrate CMMC provisions by 2025.
Another takeaway McGinn noted from Arrington’s presentation is about the CMMC accreditation body, which will train and certify organizations for five cyber maturity levels.
“The AB will be the focal point for industry actions in the coming weeks. For example, there will be opportunities for firms that would like to become CMMC certifiers or trainers,” McGinn noted. “For companies, the AB will roll out training programs to help companies assess their current CMMC readiness and get on a path to meet the CMMC level appropriate for their future DoD contracts.”