DoD Acquisition Nominee and CMMC

DoD Acquisition nominee Michael Duffey plans to review Cybersecurity Maturity Model Certification (CMMC) implementation in an effort to balance the need for security against excessive regulation. Duffey also recognized that maintaining the cybersecurity best practices that protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) must be affordable for the Defense Industrial Base (DIB).

Duffey said that he also plans to review accreditation procedures and actively explore the feasibility of current and potential methodologies for assessing compliance with Department of Defense (DoD) cybersecurity requirements.

Michael Duffey is President Donald Trump’s nominee for Under Secretary of Defense for Acquisition and Sustainment. He is an American journalist and author, known for his work as an opinions editor at large for the Washington Post and as a former Pentagon correspondent for Time magazine. He has also co-authored notable books, including “The Presidents Club: Inside the World’s Most Exclusive Fraternity.”

SCIFs for Small and Medium Sized Businesses

Small and medium sized businesses face resource constraints in achieving secure facilities. To address this, Duffey has suggested providing access to shared Sensitive Compartmented Information Facilities (SCIFs) to ensure equitable access to classified information. A SCIF is a secure area used to process and discuss classified information, designed to prevent unauthorized access and eavesdropping. These facilities can be permanent or temporary and are often used by government and military personnel.

Expectations for CMMC in the Near Future

Deregulatory efforts currently underway are not expected to derail CMMC implementation. There are, however, still points of contention regarding financial burdens for small and medium sized businesses. Additionally, there are concerns about inadequate numbers of C3PAO auditors to perform certification.

Most importantly, organizations are not ready for CMMC. DIB members, both large and small, cite costs, a lack of technical expertise, and confusing information from the DoD as challenges for Cybersecurity Maturity Model Certification (CMMC) compliance.

Adversaries in the Defense Supply Chain

Duffey promoted a “whole of nation” approach to incentivizing onshore supply chains and expanding domestic manufacturing to counter reliance on China and other adversaries. This would involve the strategic implementation of export controls through both the Department of Defense and the Department of Commerce.

Actions would also be taken to address adversarial capital in the Defense Industrial Base, which threatens to compromise supply chains and endanger sensitive technologies and, ultimately, national security. Duffey cited the use of existing tools to counter these threats, such as the Committee for Foreign Investment in the United States, Team Telecom, and further export controls.

CVG Strategy Information Security Management System Consultants

The DoD Acquisition Nominee’s confirmation hearing comments on CMMC underline the importance of developing effective cybersecurity programs. CVG Strategy can help your organization meet the challenges of the CMMC final rule.

We are dedicated to helping small businesses navigate federal regulations and contract requirements for Quality Management, Cybersecurity, Export Compliance, and Test and Evaluation. We can help you meet your information security management system goals. CVG Strategy QMS experts can provide the training required to understand and engage in an ISMS and make it meet desired objectives.

Identify CUI Areas with CVG Strategy Signs

CVG Strategy provides signs to identify areas containing CUI and export controlled items. These signs should be posted at all facility entrances where products are being produced or services are being performed that are under the control of the U.S. Department of State Directorate of Defense Trade Controls (DDTC) and are subject to the International Traffic in Arms Regulations per title 22, Code of Federal Regulations (CFR), Parts 120-130.

Kevin Gholston
