Please join us at the CIS 720 Seminar tomorrow, October 12 (4:30p-5:30p), for David Stevens‘ presentation on “Trends in Cybersecurity: The Cybersecurity Maturity Model Certification (CMMC)”.
In an attempt to confirm contractor compliance with DFARS 7012, the DoD came up with the Cybersecurity Maturity Model Certification (CMMC) as a verification mechanism designed to ensure that cybersecurity controls and processes adequately protect CDI and CUI, residing on Defense Industrial Base (DIB) systems and networks. The Office of the Undersecretary of Defense for Acquisition and Sustainment (OUSD (A&S)) started the process of creating the CMMC in March 2019, with the finalization of the CMMC v1.0 expected in January 2020. This has been delayed until Spring 2021. After the implementation of the CMMC requirement, contracting organizations must have an official CMMC compliance audit and score, before bidding on, or accepting, DoD contracts. DoD contractors will have to pay for a new audit every three years. These audits could easily cost over $30,000. This CMMC will be difficult to implement, expensive for companies to have an official audit, and impacts over 300,000 companies in the US. The unsustainable recurring audit cost of the CMMC for small and medium businesses (SMBs) could result in the elimination of many DoD contractors. This could have an immediate negative effect on the DIB supply chain.
Why is the CMMC necessary? What does compliance entail? Will it be effective? This presentation will provide an overview of these developments and highlight potential areas for future research.
David Stevens is a first-year CIS PhD student and a full-time Information Technology Instructor at Kapi’olani Community College (KapCC) teaching a range of technology related courses, including programming, databases, network security, project management, cloud-based computing, and ethical hacking. Prior to joining academia, he had a 20-year IT career, which included working as a programmer, website developer, project manager and cryptographer. His interest in cyber-security compels him to continually research, analyze, solve for, discuss, and educate on the ever-increasing number of vulnerabilities associated with most web-based applications that rely on user authentication for access. For his dissertation research, he plans to focus on secure online voting systems and their secure implementation.