CMMC

RESOURCES

NEW Department of Defense (DoD) Defense Industrial Base (DIB) Cybersecurity (CS) Activities

The DoD released a final rule that revises eligibility criteria for the voluntary DIB Cybersecurity Program, allowing all contractors who handle CDI (DoD CUI) to benefit from bilateral information sharing, which was previously available only to cleared contractors. This ruling also replaces the need for a Medium Assurance Certificate to access the DIBNet portal for cyber incident reporting by allowing registration for DIBNet access through the Procurement Integrated Enterprise Environment (PIEE). Link | Download

NEW Initial Public Draft: NIST SP 800-171 Rev. 3 (Draft)

NIST has released the initial public draft of SP 800-171 Revision 3, which includes updates to the security requirements and families, updated tailoring criteria, and other enhancements. Link | Download

DRAFT: CMMC Assessment Process (CAP)

This "Pre-Decisional Draft" CAP document details the proposed CMMC Assessment Process that will be utilized by certified Assessors when conducting evidence-based assessments for CMMC Level 2 certification. Note that this document is still in draft form and not yet considered final. Link | Download

Contractual Remedies to Ensure Contractor Compliance with Defense Federal Acquisition Regulation Supplement Clause 252.204-7012

The DoD has circulated this Memo to contracting officers to remind them of contractor cyber compliance requirements and emphasize penalties that can be levied against non-compliant contractors. Link | Download

DoD CIO taking over CMMC program

The DoD has announced that the DoD CIO will be taking over the responsibility for the CMMC program, effective immediately. The office formerly responsible for CMMC (CISO, USD A&S) will be disestablished, and CMMC implementation will continue under the direction of the DoD CIO. Link | Download

CMMC 2.0: Level 1 Self-Assessment Guide

The DoD has released the new Assessment Guide for CMMC 2.0 Level 1. This document provides guidance for companies to correctly perform their Level 1 self-assessments, which must be conducted annually, reported to SPRS, and affirmed by a senior company official when contracts require CMMC 2.0 Level 1. Link | Download

CMMC 2.0 Model and Scoping Guidance

The DoD has released details of the new CMMC 2.0 Model, along with scoping guidance for Level 1 "Foundational" and Level 2 "Advanced" certification, as well as a CMMC 2.0 Artifact Hashing Guide.
  • CMMC 2.0 Model: Link | Download
  • CMMC 2.0 Level 1 Scoping: Link | Download
  • CMMC 2.0 Level 2 Scoping: Link | Download
  • CMMC 2.0 Artifact Hashing Tool User Guide: Link | Download

CMMC 2.0 Announced

The DoD has announced an update to the Cybersecurity Maturity Model Certification (CMMC) program. CMMC 2.0 will incorporate many important changes to the planned implementation of CMMC. Link

CMMC Level 1 and Level 3 Assessment Guides

The CMMC Assessment Guide for Level 3 provides information about the assessment objectives and types of evidence that assessors will need to review in order to validate the successful implementation of CMMC practices and processes. Link | Download (Level 1), Link | Download (Level 3)

Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)

The DoD has issued an interim rule to amend the DFARS cybersecurity regulations to implement a DoD Assessment Methodology and Cybersecurity Maturity Model Certification (CMMC) framework in order to assess contractor implementation of cybersecurity requirements and enhance the protection of unclassified information within the DoD supply chain. (Comments on the interim rule should be submitted in writing on or before 60 days after date of publication in the Federal Register.) Link | Download

Cybersecurity Maturity Model Certification (CMMC) Version 1.0 Released (January 31, 2020)

The DoD has released the official version of CMMC v1.0. This document is effective immediately and provides clarification on what the requirements will be for each level of CMMC certification.
DoD CMMC Model Main Documentation V1.0: Link | Download

Cybersecurity Maturity Model Certification (CMMC) DRAFT Version 0.7 (December 6, 2019)

Version 0.7 of the draft CMMC is a complete model that includes all levels from 1 through 5, along with appendices that provide clarifications and discussion points. Link | Download

Cybersecurity Maturity Model Certification (CMMC) DRAFT Version 0.6 (November 7, 2019)

This is the most recent draft of the CMMC, taking into account industry feedback that was received by DoD after releasing CMMC Draft version 0.4 for public comments in September 2019. Link | Download

Cybersecurity Maturity Model Certification (CMMC) Draft v0.4 – Model (September 4, 2019)

The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) released the Cybersecurity Maturity Model Certification (CMMC) version 0.4 for stakeholder feedback. Link | Download

Establishment of the Chief Information Security Office Memorandum (July 24, 2019)

This memo from Kevin Fahey, Assistant Secretary of Defense for Acquisition, establishes the CISO office with Katie Arrington as CISO. This establishes her authority to implement the CMMC program. Download

Cybersecurity Maturity Model Certification (CMMC) Website (June 2019)

The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) launched a website that hosts additional background on the proposed CMMC, including a list of FAQs. Link