Pentagon to Train Managers on CMMC Adherence
With the possible advent of the Cybersecurity Maturity Model Certification (CMMC) requirements commencing in a phased rollout by the DoD next year, the Pentagon is developing training and tools to ensure its program managers know when and how to mark sensitive information.
Currently, contractors that handle controlled unclassified information, or CUI, are required to protect it by following National Institute of Standards and Technology (NIST) cybersecurity standards. The CMMC program is intended to provide third-party audits to verify whether contractors have implemented the NIST standards.
However, handling CUI in the DoD has always been a thorny issue for program offices and contractors. Last year, a revealing report by the DoD inspector general found that the DoD largely was not tracking whether programs were using CUI markings for emails and other potentially sensitive documents. DoD and contracting officials were also found not to be checking whether personnel completed required CUI training. Read more about this story on our LinkedIn page
Currently, contractors that handle controlled unclassified information, or CUI, are required to protect it by following National Institute of Standards and Technology (NIST) cybersecurity standards. The CMMC program is intended to provide third-party audits to verify whether contractors have implemented the NIST standards.
However, handling CUI in the DoD has always been a thorny issue for program offices and contractors. Last year, a revealing report by the DoD inspector general found that the DoD largely was not tracking whether programs were using CUI markings for emails and other potentially sensitive documents. DoD and contracting officials were also found not to be checking whether personnel completed required CUI training. Read more about this story on our LinkedIn page