CMMC Review Part 1 of 3:
A Green Paper: Analysis of The DoD Cybersecurity Maturity Model Certification (CMMC) Soliciting Input and Comments
This month, (during National Cyber Security Awareness Month), and responding to recent developments in the DoD's cybersecurity assessment and certification processes for both governement and civilian commercial companies who do business with the government, I've decided to provide an indepth review of the recently announced DoD initaitive for updating and expanding it's cybersecurity frameworks and standards or what is called the "CMMC". I'm also extending an offer for my readers, customers, members and alliance partners of Imprmis and the National Cyber Exchange to review our Green Paper, to provide feedback and comments so that we can create a finalized "White Paper Version" in the next 30-60 days so that it can be submitted to the DoD and be a part of the national discussion to help frame and shape the process going forward.
Why the Green Paper?
In the Green Paper Steve Lines of the DIB-ISAC and I, explore and discuss the motivation behind developing the CMMC for defense contractors, and why this will have a major impact on the current cybersecurity assessment, remediation, and certification process overall. Because of the significant increase in the number of compliance items and complexity imposed by multiple cybersecurity frameworks and standards that are being suggested by the DoD and its consultative participants... We provide a top-down and bottom-up review to help quantify and describe these proposed changes as well as make some recommended changes and modifications in an effort to streamline and simplify what looks to be a very daunting and complex process overall.
The potential threat to small businesses has been made clear. That's what a call to action for small and medium business is put forward so that important feedback is provided to DoD so that an appropriate design is achieved and balanced with respect to the competing demands of good security and affordable, achievable implementation of the core competencies of Information Security.
To review the Green Paper online, (if your browser supports in-line opening of PDF documents) just click on the thumbnail image of the Green Paper at the right. Or to download a copy for review, simply right-mouse-click and save the PDF file locally. If you are a small or medium sized business, or a larger commercial enterprise that does business with the Federal Government, or you are a sub-contractor to a prime-contractor on a government contract, this will obviously impact you. If so, we encourage you to provide your input and feedback on the process.
You can use an online feedback form that we have set-up on the National Cyber Exchange's website that will help collect your feedback to the Green Paper as well as the proposed CMMC framework, where we will combine your inputs and suggestions into a larger comprehensive submission to the DoD for their review and consideration. Let us know what you think.
Submit comments to https://nationalcyber.org/CMMC and the DIB ISAC and the NCX will make sure all comments are received by the CMMC team.
Both Steve and myself thank you for your participation in advance.
Michael G. Semmens
President & CEO, Imprimis Inc.
Chairman, National Cyber Exchange
President DIB ISAC Inc.