Last Friday, the Under Secretary of Defense for Acquisition and Sustainment (USD A&S) released draft 0.7 of the Cybersecurity Maturity Model Certification (CMMC) framework. The primary purpose of this newest draft was to provide guidance on practices for Levels 4 and 5. Version 0.7 also provided some clarification on maturity processes for Levels 2 and 3.
The CMMC framework is designed to provide unified cybersecurity standards and guidance to the Defense Industrial Based (DIB) for protecting controlled unclassified information (CUI). Once the final version (v 1.0) of CMMC comes out at the end of January 2020, independent auditors will use the framework to certify compliance with DoD cybersecurity requirements.
Important clarifications v 0.7 provided:
- Some 46 practices for Levels 4 and 5 were removed that had been part of earlier drafts. These reductions are relevant to companies working on critical programs for the DoD, which represents only a handful of DIB suppliers. The majority of DIB sub-contractors only need to achieve Level 3 compliance or below.
- The Accreditation Body (AB) formation timeline has slipped from early December to early January. However, 0.7 still lists the finalization of the CMMC Model v1.0 at “end of January” 2020.
- The accreditations for third party assessors (C3PAO) will begin in March, with the formation of the Online C3PAO assessor marketplace taking place at the end of April. The first wave of CMMC C3PAO-led assessments won’t start until early June. As a result, we can say with reasonable certainty that CMMC assessment audits will begin (at the earliest) in June 2020.
Meeting the demands of CMMC certification
CMMC requires Primes and their suppliers to implement procedures and processes for securing their sensitive information. When these groups implement PreVeil to secure their important email and files, they will be able to greatly accelerate their ability to meet and exceed the CMMC standards. Unlike existing solutions, PreVeil can be deployed to only those users who touch CUI and at a fraction of the price.
Contact PreVeil to start securing your sensitive email and files.
*** This is a Security Bloggers Network syndicated blog from PreVeil authored by Orlee Berlove. Read the original post at: https://www.preveil.com/blog/what-is-new-in-cmmc-v-0-7/