CMMC: Get ahead by doing the bare minimum

May 12, 2022 by Leave a comment

By Ryan Nelson, Market Intelligence Manager

If you’ve been involved in federal sales for any time at all, you know that government cybersecurity professionals have been asking – pleading, in some cases – for vendors to “bake-in” risk management into their proposal. And while the industry does seem to be inching in that direction, it’s still a topic of great concern among agency IT leaders.

That’s why, if you really want to set yourself apart in federal sales, you need to do the bare minimum, and build your proposals with an eye toward compliance with Cybersecurity Maturity Model Certification 2.0. By doing the bare minimum, you’ll actually stand out from your less motivated competition, and stand a better chance at having your proposal come out on top.

At a recent AFCEA TechNet Cyber show in Baltimore, a panel of cyber experts was once again bemoaning this seeming lack of cooperation with industry’s compliance with cybersecurity directives.
CMMC 2.0 is the latest iteration of the cybersecurity certification, which is aimed at protecting the federal infrastructure from complex cyberattacks. It’s intended to cut red tape for small- and medium-sized businesses and help DoD and industry work together to address evolving cyber threats.
TechNet panelists (everyone from the senior tech advisor for the Operations and Infrastructure Center at DISA to the Army CIO cybersecurity director) were adamant about one thing: CMMC risk mitigation needs to be written into every single proposal.

Read more of this post

Filed under CMMC, Market Intelligence, Sales Tagged with , ,

CMMC 2.0 streamlines requirements for contractors

November 9, 2021 by Leave a comment

By Hollie Kapos, Corporate Counsel

In September 2020, DoD published an interim rule to implement CMMC, which became effective November 30, 2020. The DoD received over 850 public comments in response, citing concerns with cost, trust in the assessment ecosystem, and alignment to other federal requirements.

Accordingly, it began an internal assessment of CMMC policy and implementation and, as a result, DoD has just announced CMMC 2.0, which makes several substantial changes from the original model.

Levels streamlined in CMMC 2.0

Levels 2 and 4 have been removed, so there are now only three instead of five levels of compliance as follows:

  • CMMC Level 1, Foundational – Requires implementation of the 17 controls from NIST SP 800-171 enumerated in FAR 52.204-21 and submission of an annual self-assessment to the DoD through the Supplier Performance Risk System (SPRS).  
  • CMMC Level 2, Advanced – Requires implementation of the 110 controls in NIST SP 800-171 and submission of an annual self-assessment or, if required to handle “critical national security information” (currently undefined), a triennial independent assessment performed by a CMMC Third Party Assessment Organization (C3PAO). 
  • CMMC Level 3, Expert – Requires implementation of the 110 controls in NIST SP 800-171 and a subset of controls from NIST SP 800-172 and a triennial government-led assessment. Requirements for level 3 are still being developed.
Read more of this post

Filed under CMMC, Contracting, Market Intelligence, Sales Tagged with , ,

CDM Notes: EO 14028 deadline is looming. Is your company ready to help?

October 6, 2021 by Leave a comment

By Amanda Mull, Contract Specialist

Cybersecurity specialists in the federal government are probably feeling the pinch right about now. By October 9, agencies will need to report on their current software systems as part of Executive Order 14028 on Improving the Nation’s Cybersecurity. If you are a vendor of cybersecurity products, you’d be well advised to make sure your business is appropriately listed – sooner, not later.

Following completion of their EO/OMB reports, agencies are to identify areas at high risk for cyberattacks – such as data theft, ransomware, and disturbances or exploitation of email or other communications.  By Identifying these vulnerabilities and whether agencies may be dependent on specific software or system providers, the federal government hopes to gain greater insight into problem areas.

Read more of this post

Filed under CDM, Contracting Tagged with , , ,

3 Public Resources You Need to Prepare for Meeting With DOD

December 30, 2020 by Leave a comment

By Toné Mason, Senior Analyst

Abraham Lincoln once said, “Give me six hours to chop down a tree and I will spend the first four sharpening the axe.”

Investing time in being prepared prior to meeting with a government contact is vital — especially if you are diving into new departments and agencies within the DOD. Here are 3 top public resources at your disposal – and they are free!

Read more of this post

Filed under Army, Market Intelligence, Sales Tagged with , , , , , ,

CMMC Interim Rule Includes New Compliance Requirements

October 7, 2020 by Leave a comment

By Hollie Kapos, Corporate Counsel

You never know what surprises will pop up in the last few days of the government’s fiscal year, and this year there was a big one with the Interim Rule implementing DOD’s Cybersecurity Maturity Model Certification (CMMC).

The Interim Rule (“IR”), published on September 29, 2020 and effective as of November 30, 2020, adds the widely anticipated new DFARS clause for inclusion in DOD contracts implementing CMMC: 252.204-7021 (Contractor Compliance with the Cybersecurity Maturity Model Certification Level Requirement). No surprise there.

But, the IR unexpectedly came with two additional clauses, DFARS 252.204-7019 (Notice of NIST SP 800-171 DOD Assessment Requirements) and DFARS 252.204-7020 (NIST SP 800-171 DOD Assessment Requirements), which require the immediate attention of federal contractors and their subs.  Read more of this post

Filed under CMMC, Contracting, Market Intelligence, Sales Tagged with , ,

DOD ESI BPAs: What CETA Is and Why It Is Important

May 1, 2020 by Leave a comment

By Derek Giarratana, Supplier Manager

Many of you are familiar with DOD ESI BPAs, but you’re probably not as familiar with the CETA designation and what it means.

Only one vendor has received the CETA designation thus far. Recently, the Navy PEO-EIS designated the Tanium DOD ESI BPA, held by immixGroup, as the first DOD Core Enterprise Technology Agreement (CETA). The CETA designation means that this purchasing vehicle is mandatory for all DOD customers who want to procure Tanium products and services.

DOD Enterprise Software Initiative

Before we dive into CETA and what it means for DOD procurement, let’s briefly talk about the DOD ESI program, managed by the PMW 290 Project Office. Read more of this post

Filed under Contracting, Sales Tagged with , , ,

Top Trending Technologies in DOD for 2020

April 24, 2020 by Leave a comment

By Toné Mason, DOD Senior Analyst

FY20 has truly been the year of technology acceleration within the Department of Defense. Our world has never been more capable technology-wise than it is today. The arrival of 5G and the new challenges brought on by a rapidly expanding remote workforce have catapulted the adoption of new and innovative technologies.

The DOD is at a point where they are looking to gain a better understanding of currently available technologies and applying them where it makes the most sense. Below are some of the key areas the DOD is focused on right now.

Data Integrity

Data integrity is one of the essential areas. As the need for transparency increases and desire to expand more into AI and machine learning, there has been more of a realization that DOD’s data is not consistent, not all data is being recorded and data is incomplete. Read more of this post

Filed under CMMC, Market Intelligence, Sales Tagged with , , , ,

Winners in the FY21 Defense Budget Request

March 19, 2020 by Leave a comment

By Toné Mason, Senior DOD Analyst

The President is requesting $705.4B in DOD funding for FY21, which is a modest 0.1% increase from FY20. The biggest winner by far is U.S. Space Force, but there are still plenty of opportunities across DOD and the services for IT vendors.

Announced in FY20, funding for Space Force in FY21 is largely focused on providing funding for the establishment of the organization as a whole. More details regarding metrics and objectives are anticipated to be further developed over the next few years. From what we know at this time, automation, infrastructure, cyber and data analytics are anticipated to be key areas of interest for them.

Here’s a summary of DOD budget highlights for FY21. Read more of this post

Filed under Market Intelligence, Sales Tagged with , , , , , , ,

If You Sell to DOD, Pay Attention to CMMC

February 6, 2020 by Leave a comment

By Troy Fortune, Vice President & General Manager

You’ve probably heard that the Department of Defense (DOD) recently released the official version 1.0 of its new Cybersecurity Maturity Model Certification (CMMC 1.0).

This is one of the hottest topics in government contracting right now and immixGroup is following developments very closely. And, it will affect everyone in our industry who sells to DOD – resellers, distributors and OEMs. 

As a quick refresher, this is a cybersecurity standard that all contractors must meet if they want to do business with DOD. As we’ve discussed before in a previous blog, the standards themselves are taken from existing ones. With CMMC 1.0, we now have more clarity on what the 5 levels of CMMC entail: Read more of this post

Filed under CMMC, Contracting, Market Intelligence, Sales Tagged with , , ,

Space Force…Lasers, Satellites, Debt, Oh My!

January 8, 2020 by Leave a comment

By Toné Mason, DOD Senior Analyst

The Space Force has finally been established and its focus will be on national security and the preservation of satellites. But what exactly is it and where is it going? Will it include spaceships that shoot out laser beams?

Lots of people are asking lots of questions, but let’s get started with the biggest elephant in the room – armed combat. The Space Force will not include armed combat scenarios and the Air Force has no intentions to make it that way. Now that bubbles have been burst, what is the point of the Space Force if it won’t include armed combat? Why do we need a Space Force if there will be no armed combat? Read more of this post

Filed under Market Intelligence, Sales Tagged with ,

Older posts

%d bloggers like this: