Future Trends

DOD Discloses First Seven CMMC Pathfinder Contracts

Pentagon

DOD Discloses First Seven CMMC Pathfinder Contracts

The Department of Defense has announced the initial seven contracts to serve as test cases for the Cybersecurity Maturity Model Certification program.  

According to the DOD, the projects to be considered as CMMC’s pathfinders are the Navy’s integrated common processor, F/A-18E/F Full Mod of the SBAR and Shut off Valve, yard services for the Arleigh Burke Class destroyer; the Air Force’s mobility tactical data links, consolidated broadband global area network follow-on, Azure cloud solution and the Missile Defense Agency’s technical advisory and assistance contract, the Federal News Network reported Tuesday.

The agency noted that the contracts are expected to be awarded by September 2021. The Pentagon intends to increase the number of pathfinder candidates and more contracts are seen to be disclosed soon. The original plan was to have 15 procurements in 2021 to gain real-world and detailed insights into the CMMC process.

The process includes requiring every vendor and subcontractor to earn certain levels of certification from an independent CMMC assessor. 

A provisional directive for the program’s regulatory framework was recently set, and the agency is currently checking industry feedbacks regarding the interim rule before making the necessary revisions. 

The rule also added some shorter-term requirements as part of what the department calls a “crawl, walk, run” approach to improving security in the industrial base, according to the WFED report. 

Speaking at a recent industry conference, Katie Arrington, DoD’s chief information security officer for acquisition and sustainment and a 2020 Wash100 winner, said the Defense Contract Management Agency has been conducting audits, also known as DIBCAC assessments, since 2018. 

“What will happen is they will take your assessment that you have given yourself and logged in SPRS, and they’ll actually come to your site and they’ll say, ‘Let’s see how we think you’re actually doing.’ If you’re doing all 110 controls, you’ll be known as a ‘DIBCAC high,’ and that will be good for three years for your company,” she said.

Potomac Officers Club Logo
Become a Potomac Officer Club Insider
Sign up for our weekly email & get exclusive event, and speaker updates, and find networking opportunities to connect with GovCon decision makers.

Category: Future Trends