CMMC News Flash – Russia & Town Hall

KLC Consulting's CMMC News Flash – February 28, 2022: Updates from the front lines of CMMC.

KLC Consulting keeps you up-to-date with what’s happening on the front lines of CMMC and NIST 800-171 in our role as a CMMC-AB cleared candidate C3PAO.

CISA Issues “Shields-Up Alert”

CISA (Cybersecurity & Infrastructure Security Agency) issued a Shields-Up cybersecurity alert to all Defense Industrial Base (DIB) companies in response to increasing cyber threats from Russia following Russia’s unprovoked attack on Ukraine. DIB companies should take action to enhance their cybersecurity, create a solid data backup, and make sure the business can recover if it suffers a cyber attack. 


DoD CIO Office Town Hall on Feb. 24, 2022

The office of the DoD CIO held a Town Hall meeting on that day to discuss current events in CMMC:

Relocation of the CMMC Program Management

DoD CIO John Sherman previously announced on February 3rd that his department would assume responsibility for the Cybersecurity Maturity Model Certification (CMMC) Program Office. The move enables the DoD CIO to have a more direct influence on the direction of the CMMC program and increases the program’s integration with other Defense Industrial Base cybersecurity programs.

CMMC 2.0 Level 2 self-assessments “Most Likely” will be eliminated

During the Town Hall, members of the DoD CIO office restated a February 10th revelation that all DIB organizations needing CMMC Level 2 will “most likely” require a third-party C3PAO assessment. The elimination affects about 80,000 DIB companies that require CMMC Level 2.

DoD looks to create incentives for early CMMC certification

The DoD is looking at ways to incentivize DIB companies to obtain CMMC certifications before the CMMC rulemaking completion date (expected to take up to 24 months). Options under consideration include extending the 3-year recertification period so that it runs from the date the rulemaking process is complete – which would create a significant cost saving for DIB companies.

DoD CIO recommendations for DIB companies

DoD CIO recommendations include adopting the following “Top 10” practices to improve DIB cybersecurity posture:

[Image: CISA DoD-Defense Industrial Base Top 10 cybersecurity recommendations to improve cybersecurity]

Viewpoints From Kyle Lai

About KLC Consulting: [Image: Kyle Lai, President and CISO.] Kyle holds CISSP, CSSLP, CISA, CDPSE, CIPP/US, CIPP/G, and ISO 27001 Lead Auditor certifications. KLC Consulting provides flexible and affordable CMMC compliance solutions.

Kyle Lai
President and CISO
KLC Consulting, Inc.
CISSP, CSSLP, CISA, CDPSE, CIPP/US, CIPP/G, ISO 27001 Lead Auditor

POINT #1 — The Balancing Act within DoD Information Security

The change in thinking to eliminate Level 2 self-assessments for DIBs that handle the “non-prioritized” CUI category is a recognition of the constant balancing act between goals and practical realities:

  • First and foremost, the CMMC 2.0 program remains committed to safeguarding sensitive national security information while streamlining the process and improving affordability for DIB companies,
  • Eliminating CMMC Level 2 self-assessments (should that become final) reaffirms the inadequacy of the self-attestation model that compelled the creation of the CMMC standard, and
  • CMMC 2.0 allows more development time for the nascent CMMC ecosystem.

POINT #2 — Perform a Gap Assessment

Another recommendation from the DoD CIO’s office is to undertake a Gap Assessment to determine where gaps exist in a DIB company’s compliance program.

TIP — FREE Resources from CISA

CISA provides some terrific FREE resources to help small- to medium-sized companies improve their cybersecurity posture. Check out their Cyber Resource Hub for more information.


Where are you in your CMMC / NIST 800-171 program?

We offer you a complimentary initial consultation to shed light on your compliance challenges.

KLC Consulting specializes in FLEXIBLE consulting and AFFORDABLE NIST 800-171, and CMMC solutions for:

Let’s talk!
cmmc@klcconsulting.net

KLC Consulting CMMC YouTube
KLC Consulting CMMC LinkedIn

Check out our YouTube channel and LinkedIn pages for the latest information and education resources for Cybersecurity Maturity Model Certification.

Let’s Talk About CMMC and NIST 800-171


We meet you where you’re at and bring you to ‘CMMC Assessment Ready’
with as much or as little help as you need
