If you don't have cybersecurity, beginning in 2020, you may not be able to bid on new government contracts.
Yesterday afternoon I sat through a webinar with Katie Arrington, the head of the government's efforts to solidify cybersecurity in the DoD Supply Chain. Here's what I found out.
It started here: in May 2017, President Trump released Executive Order 13800 on "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure." Since that time, there has been a dizzying array of orders, laws, recommendations, planning, and putting into action.
In 2020, contractors will be required to have a trained third-party auditor assess and attest to their level of cybersecurity maturity. Government Acquisition teams will explicitly state the Cyber Security Maturity Model Certification (CMMC) level (between 1 and 5) required to participate in the RFP. Sections L & M of every RFP will spell out which CMMC level is required. Your CMMC level will be used as a "go/no-go determination"; if you don't hold the proper CMMC level, you won't be able to participate in that RFP.
The bad? The overwhelming majority of government contractors are under 1,000 employees and do not have the teams in place to support this need or capability.
The good? It's not hard, just new. And, it can be managed using an outsourced security service (like Trusted Internet).
Is this real? Yes. During today's webinar, Katie Arrington, CISO for the Under Secretary of Defense for Acquisitions and Sustainment, told of two companies that claimed NIST 800-171 compliance using the self-assessment process under government regulations, but when a whistleblower came forward, one was found not to be compliant and was found guilty; the second was fined $4.9 mil for delivering a product (with a known cyber vulnerability) to the government. It's real, and the government cyber initiatives now appear to have teeth.
Trusted Internet offers a simplified reference architecture and processes. You run your business. We snap in and run your security, and we do it for a fraction of what it would cost you to build and run it on your own; and we're experts in our field. Level 5 certification becomes attainable.