Artwork

תוכן מסופק על ידי Cherry Bekaert. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Cherry Bekaert או שותף פלטפורמת הפודקאסט שלו. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !

CMMC 2.0 Brings Major Program Changes

15:57
 
שתפו
 

Manage episode 306735128 series 2772889
תוכן מסופק על ידי Cherry Bekaert. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Cherry Bekaert או שותף פלטפורמת הפודקאסט שלו. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

On November 4, the Department of Defense (DoD) announced the strategic direction of the Cybersecurity Maturity Model Certification (CMMC) program, which marks the completion of an internal program assessment led by senior leaders across DoD.

CMMC 2.0 brings about a number of changes which DoD will be pursue through the rulemaking process and will include public comment periods.

Listen to Neal Beggan, a Principal in Cherry Bekaert’s Information Assurance & Cybersecurity Practice, selected as one of the first Provisional Assessors nationwide by the CMMC Accreditation Body, and Eric Poppe, a senior manager in the Firm’s Government Contractor Services Group, as they discuss DoD’s modifications and their potential impact on contractors and subcontractors in the defense industrial base (DIB).

Changes include:

  • Eliminating levels 2 and 4 of the framework and using National Institute of Standards and Technology (NIST) cybersecurity standards
  • Companies at Level 1, and a subsection of companies at Level 2 will only be required to demonstrate compliance through annual self-assessments
  • Triannual third-party assessments at Level 2 for critical national security information, as well as triannual government-led assessments at Level 3
  • Increase in oversight of professional and ethical standards of third-party assessors
  • New waiver processes for select requirements - DoD indicated:
    • “Under certain limited circumstances”, companies can make “Plans of Action & Milestones (POA&Ms)” to achieve certification
    • “Under certain limited circumstances”, waivers to CMMC requirements will be allowed

DoD is also suspending the current CMMC pilot program for select contracts and will not approve any CMMC requirements in DoD solicitations while the rulemaking is underway. The Defense Department further indicated that it is looking at providing incentives to contractors who voluntarily obtain certification during the interim period and more information will be forthcoming.

View all Government Contracting Podcasts

  continue reading

77 פרקים

Artwork
iconשתפו
 
Manage episode 306735128 series 2772889
תוכן מסופק על ידי Cherry Bekaert. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Cherry Bekaert או שותף פלטפורמת הפודקאסט שלו. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

On November 4, the Department of Defense (DoD) announced the strategic direction of the Cybersecurity Maturity Model Certification (CMMC) program, which marks the completion of an internal program assessment led by senior leaders across DoD.

CMMC 2.0 brings about a number of changes which DoD will be pursue through the rulemaking process and will include public comment periods.

Listen to Neal Beggan, a Principal in Cherry Bekaert’s Information Assurance & Cybersecurity Practice, selected as one of the first Provisional Assessors nationwide by the CMMC Accreditation Body, and Eric Poppe, a senior manager in the Firm’s Government Contractor Services Group, as they discuss DoD’s modifications and their potential impact on contractors and subcontractors in the defense industrial base (DIB).

Changes include:

  • Eliminating levels 2 and 4 of the framework and using National Institute of Standards and Technology (NIST) cybersecurity standards
  • Companies at Level 1, and a subsection of companies at Level 2 will only be required to demonstrate compliance through annual self-assessments
  • Triannual third-party assessments at Level 2 for critical national security information, as well as triannual government-led assessments at Level 3
  • Increase in oversight of professional and ethical standards of third-party assessors
  • New waiver processes for select requirements - DoD indicated:
    • “Under certain limited circumstances”, companies can make “Plans of Action & Milestones (POA&Ms)” to achieve certification
    • “Under certain limited circumstances”, waivers to CMMC requirements will be allowed

DoD is also suspending the current CMMC pilot program for select contracts and will not approve any CMMC requirements in DoD solicitations while the rulemaking is underway. The Defense Department further indicated that it is looking at providing incentives to contractors who voluntarily obtain certification during the interim period and more information will be forthcoming.

View all Government Contracting Podcasts

  continue reading

77 פרקים

همه قسمت ها

×
 
Loading …

ברוכים הבאים אל Player FM!

Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.

 

מדריך עזר מהיר