This Microsoft Tech Community Public Sector Blog post is an in depth response for the Defense Industrial Base (DIB) regarding compliance with the newly-established Cybersecurity Maturity Model Certification (CMMC) from the U.S. Department of Defense (DoD).
The Office of the Undersecretary of Defense for Acquisition and Sustainment (OUSD(A&S)) vision for CMMC is to be a unified cybersecurity standard for DoD acquisitions to reduce exfiltration of Controlled Unclassified Information (CUI) from the Defense Industrial Base (DIB).
Representatives from several primes are discussing the impact of CMMC on the supplier base. These primes include Jeffrey Dodson (BAE Systems), Christopher Page (Huntington Ingalls Industries), Mike Gordon (Lockheed Martin), and Noble Dean (L3Harris).
October 24, 2019: DoD has announced CMMC as a unified cybersecurity standard to be consistently applied to all organizations across the Defense Industrial Base. CMMC certification becomes a requirement in 2020. It will greatly enhance the cybersecurity of the supply chain, but will also enforce new requirements for your organization to participate on any DoD contract. CMMC requires certification by an accredited third party and is pass/fail. Watch Ms. Arrington's CMMC introduction.
The following announcements highlight recent cybersecurity news including alerts, threats, vulnerabilities, and malicious activity. They also include up-to-date information on available updates and patches for your operating systems.
When information security vulnerabilities are identified, the Internet Storm Center (ISC) develops, assembles, and distributes material to help the cyber security community manage these threats. For some of the more critical vulnerabilities, SANS hosts special webcasts led by ISC handlers to provide additional information. On this page, you can read an overview of some of the recent critical vulnerabilities, watch the related webcasts or go to the ISC to learn more about each vulnerability.