CMMC Town Crier | Ask me about NIST cybersecurity controls | Smashing compliance frameworks for fun and profit | Cyber policy wonk |
3 things have been true since CMMC 2.0 was announced in November 2021:

1) CMMC is happening
2) DoD will offer cybersecurity tools and services
3) There is a huge gap between CMMC requirements and DoD's solutions

It started with the DoD CIO's Town Hall in February 2022 and has persisted in various panels, presentations, and testimonies since then.

Now, years after CMMC became an inevitability, those offerings are formalized in Appendix III of DoD's recent DIB Cyber Strategy:

- Network traffic monitoring x2
- Threat detection and blocking x2
- Vulnerability scanning x2
- Cybersecurity program evaluation
- Network mapping
- Phishing assessments
- Asset discovery
- Training through Project Spectrum and Blue Cyber

Yet the gap between the offerings and the requirements verified by CMMC remains and I see no possible way that changes between now and roll-out of CMMC (which could start as early as the end of this year).

The bottom line: hoping that DoD will suddenly change course to match tools and services to the requirements imposed on the DIB is not a strategy. Contractors and subs should plan accordingly.
Nothing like keepin’ it real!
So, you're saying there's a chance?! https://youtu.be/KX5jNnDMfxA?si=GW-15kmS97DaJzwV
I'd love to see more emphasis on application-level risks (e.g., runtime, APIs, SCA, etc.). Separately, are those prescription?
👀 Watch the full podcast here:

YouTube: https://youtu.be/JYsmwcWzglU?si=lMMFP2BT_jqUaSf1
Spotify: https://open.spotify.com/show/2qwRGssjNbp7M2Ygm2Dvum

🔊 Listen here:

Apple Podcasts: https://podcasts.apple.com/us/podcast/summit-7-presents-sum-it-up/id1649265805
Pandora: https://www.pandora.com/podcast/summit-7-presents-sum-it-up/PC:1001030604
Stitcher: https://www.stitcher.com/show/1030604
Spotify: https://open.spotify.com/show/2qwRGssjNbp7M2Ygm2Dvum
Amazon: https://music.amazon.com/podcasts/7d78f748-d481-47fc-abd1-061157ce0a81