Trusted Internet Blog

Thoughts, Guidance, Musings

What Every Government Contractor Needs to Know Now

Posted by Jeff Stutzman, Founder | Oct 25, 2019, 10:59:02 AM

If you don't have cybersecurity, beginning in 2020, you may not be able to bid on new government contracts.

If this applies to your business, schedule a call with an expert today.

Yesterday afternoon I sat through a webinar with Katie Arrington, the head of the government's efforts to solidify cybersecurity in the DoD Supply Chain.  Here's what I found out.

It started here; President Trump, May 2017, released Executive Order 13800 on "Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure."  Since that time, there has been a dizzying array of orders, laws, recommendations, planning, and putting into action. 

The result?

In 2020, contractors will be required to have a trained third-party auditor assess and attest to their level of cybersecurity maturity. Government Acquisition teams will explicitly state the Cyber Security Maturity Model Certification (CMMC) level (between 1 – 5) is required to participate in the RFP. Sections L & M of every RFP will spell out which CMMC level is required. Your CMMC Level will be used as a "go/no-go determination";  if you don't hold the proper CMMC level, you won't be able to participate in that RFP. 

The bad? The overwhelming majority of government contractors are under 1,000 employees and do not have the teams in place to support this needor capability.

The good? It's not hard, just new. And, it can be managed using an outsourced security service (like Trusted Internet).

Is this real? Yes. During today's webinar, Katie Arrington, CISO for Under Secretary of Defense for Acquisitions and Sustainment told of two companies who claimed NIST 800-171 compliance using the self-assessment process with government regulations, but when a whistleblower came forward, one was not and found guilty; the second was fined $4.9 mil for delivering a product (with a known cyber vulnerability) to the government. It's real, and the government cyber initiatives appear to now have teeth. 

Trusted Internet offers a simplified reference architecture and processes. You run your business. We snap in our run your security, and we do it for a fraction of the cost of what you could build it and run on your own; and, we're experts in our field. Level 5 certification becomes attainable.  

Need more information?  Or...



Topics: critical infrastructure, Defense Industrial Base, 800-171, cybersecurity

Written by Jeff Stutzman, Founder

Mr. Stutzman personally operates as the CISO to the head coach of an NBA team, a $3.5 billion Houston oil and gas engineering and services company, a northern Virginia physical security company, and Wall Street CEO while supervising Virtual CISOs responsible for protecting executive homes and their companies around the world. He has been cited in the Wall Street Journal, Wired Magazine, NH Public Radio, and numerous trade publications. He holds a BS from Excelsior College, an MBA from Worcester Polytechnic Institute, and is a Harvard Kennedy School Senior Executive Fellow.