This content is for members only. Please and try your request again.

Federal News Network: Tabletop exercises to put CMMC 2.0 through the paces

“Keep an eye on the Defense Department this summer to see just how well designers of version 2.0 of the Cybersecurity Maturity Model Certification (CMMC) did.

The first real test of the revamped effort comes in the form of tabletop exercises in mid-to-late June or early July.

‘We’re going to be doing some tabletop exercises where we actually fabricate a program and walk the dog, making sure we look at a proposal, that we’re looking for the right information and we’re going to have members from the Defense Industrial Base (DIB) sector participate with us,’ said Stacy Bostjanick, the chief of implementation and policy in the DoD’s Office of the DoD Chief Information Officer, at the AFCEA NOVA Small Business IT Day event on May 5. ‘We want to hear from your perspective, whether that’s a bridge too far or that’s too hard for us. We need to read wicker it a different way to make sure that what we put together is an executable program that people can participate in and understand from the get go what your requirements are and how you have to manage and handle things.’…”

“’What we are working through with those tabletop exercises that we’re working on today is going to ferret out where we feel that we can bifurcate Level 2, where we have prioritized and non-prioritized CUI. If you are a company that has federal contract information (FCI), you got to do the 15 [security controls], you got to do that annual self assessment and affirm that you’re compliant to those. Then, you would have to do the self assessment once every three years,’ she said. ‘What we’ve said when we started looking at the universe of companies because there’s about 80,000 companies that are anticipated to be CUI holders, and undoubtedly you will not be bidding on just one contract, I think the thought process is eventually everybody will end up wanting to participate on a procurement that needs a third-party certification. But if you’re lucky enough to be only in receipt of non-prioritized CUI, you’ll be able to do that.’…” Read the full article here.

Source: Tabletop exercises to put CMMC 2.0 through the paces – By Jason Miller, May 9, 2022. Federal News Network.


This topic has 0 replies, 1 voice, and was last updated 1 week, 2 days ago by Jackie Gilbert.

Viewing 0 reply threads

You must be logged in to reply to this topic.


Questions?. Send us an email and we'll get back to you, asap.

G2Xchange FedCiv

Log in with your credentials
for G2Xchange Health

Forgot your details?