Despite being busy with work related to the coronavirus outbreak, the government, and particularly the Department of Defense, continues to move forward with the Cybersecurity Maturity Model Certification (CMMC) program.  This week, the Defense Department came to an agreement with the third-party nonprofit that will administer the program, alleviating any concerns that the project would be slowing down due to other government priorities.  This, of course, doesn’t mean that they’ll be working on one issue versus the other, but that work will continue for both.

The purpose of CMMC is for the government to use third-party auditors to be able to validate their contractors’ cybersecurity claims.  Before this program, government contractors would merely have to attest to the fact that they were meeting cybersecurity requirements.  These requirements are based off of those laid out by the National Institute of Standards and Technology.  The plan drew comparisons to the recently issued Cyberspace Solarium Commission recommendations regarding liability and certification.

Currently, only the Department of Defense is going to be using the CMMC, but since the many other civilian government agencies are using a variety of different cybersecurity standards, it’s likely that they’ll end up using this scheme. The goal of these cybersecurity updates is to arrive on some unified standards under the Secure Technology Act, so it makes sense that agencies would be looking to find some common footing.

While the newly signed agreement is a clear step in the right direction, and a sign that the project continues to move ahead, there are certainly hiccups that have emerged as a result of the coronavirus pandemic. Public events regarding the project have all been postponed and all coordination is being done from a virtual environment. Industry trade Nextgov noted that in the webcast announcing the agreement that the audio became “unintelligible.”

Despite the technical challenges though, progress will continue, which will help the government, and your data, stay more secure.  Extract commits to security by not only automating redaction processes and reducing errors, but by ensuring that our clients’ data, government or otherwise, stays behind their firewall, reducing the chance for exposure and making sure their security standards are being met.  IF you’d like to learn more about our offerings, please reach out today.

About the Author: Chris Mack

Chris is a Marketing Manager at Extract with experience in product development, data analysis, and both traditional and digital marketing. Chris received his bachelor’s degree in English from Bucknell University and has an MBA from the University of Notre Dame. A passionate marketer, Chris strives to make complex ideas more accessible to those around him in a compelling way.