CMMC: Securing the Defense Industrial Base

When the Defense Department released its long-awaited proposed rule for CMMC 2.0 in December, it marked the latest evolution in the department’s years-long effort to secure the sensitive government information held on contractors’ systems.

Securing contractor IT systems is of paramount importance given the central role that the DIB plays in U.S. military operations. In just one example that underscores the urgency of the problem, the FBI, the National Security Agency and CISA released a joint cybersecurity advisory in February 2022 stating that they had observed “regular targeting of U.S. cleared defense contractors by Russian state-sponsored cyber actors” since at least January 2020. And some of those attempts were successful, with potentially grave consequences.

Such common weaknesses in IT systems are what DOD’s Cybersecurity Maturity Model Certification program is meant to address. “CMMC is blocking and tackling — the basics of cyber hygiene,” Matthew Travis, CEO of the Cyber AB, told Nextgov/FCW. His organization plays a central role in helping DOD implement the CMMC program and helping companies comply with it.

 Indeed, many experts have warned companies not to wait until CMMC 2.0 is formalized and incorporated into contract requirements. The certification process is complex and time-consuming, Travis said, and it “involves the entire company because DOD wants to see that cybersecurity is inculcated in how the business operates.”

  Read the latest insights from CMMC industry thought leaders in CMMC, including:

• Brian Berger, President of Cytellix, discusses how combining governance, risk and compliance with managed detection and response truly transforms cybersecurity
• Robert Hill , CEO and Founder of Cyturus, explains how Adversaries can undermine U.S. defense capabilities by making a slight alteration in a tiny subsystem
• Matt Berry, Chief Operating Officer at HP Federal, details how delivering highly secure endpoints hinges on innovation and a holistic approach to supply chain decisions
• Mike Eppes , Director of Public Sector at Keeper Security, notes how companies can satisfy several CMMC controls with a password manager and privileged access manager rooted in zero trust
• Sanjeev Verma , Founder and Chairman of PreVeil, explains how an innovative, encrypted email and file-sharing system simplifies information protection under CMMC and DFARS
• Saif Rahman,  CEO and co-Founder of Quzara, details how Quzara Cybertorch™ enhances an organization’s ability to understand and respond to threats
• Jeffrey Adorno, Senior Manager of Strategic Initiatives at Zscaler, and Ryan Heidorn, CTO at C3 Integrated Solutions, jointly explain how a partnership between C3 and Zscaler takes the guesswork out of meeting CMMC’s requirements

Read more insights from Carahsoft and our CMMC partners when you download the full report: