May 11, 2020

For some small businesses, securing your information systems (and your proprietary data) might seem complicated and expensive, but it doesn't have to be.  After all, cybersecurity can simply be described as implementing practices, procedures, and technologies to protect the confidentiality, integrity, and availability of data (i.e., to help prevent unauthorized access to data and cyberattacks).

A cybersecurity program can begin with, for example, creating i...

March 20, 2020

Today, the Department of Defense ("DoD") released Version 1.02 of its Cybersecurity Maturity Model Certification ("CMMC"), dated March 18, 2020.  According to the CMMC Errata, all fifteen changes were termed "Administrative" changes (as opposed to "Substantive" or "Critical" changes).  Some of the Administrative changes include, for example:

  • In practice AT.4.059, the references to NIST SP 800-53 Rev 4 AT-2(3), AT-2(4), AT-2(6), AT-2(7) were removed.

  • In practice C...

January 31, 2020

Later today, the Department of Defense will release version 1.0 of its Cybersecurity Maturity Model Certification ("CMMC").  With the CMMC moving full steam ahead, several new pieces of information (below) have come to light regarding the timing of when the CMMC will appear DoD solicitations and the CMMC Accreditation Body's ("CMMC-AB") efforts to train the third-party assessors who will be performing CMMC assessments.

Given that this recent news might caus...

December 16, 2019

The Department of Defense ("DoD") recently published its Draft Cybersecurity Maturity Model Certification ("CMMC") Version 0.7 (dated December 6, 2019). DoD posted the following note with the release:

DoD is releasing this latest version (v0.7) so that the public can review the draft model and begin to prepare for the eventual CMMC roll out. This document includes CMMC Levels 1-5 as well as the associated discussion and clarification for a subset of practices and processes in Appendices B - E.

CMM...

September 5, 2019

Yesterday, the Department of Defense (DoD) published its Cybersecurity Maturity Model Certification (CMMC) Draft Version 0.4 (dated August 30, 2019). [1]  

As many government contractors are aware, DoD is creating the CMMC to help shore up defense industrial base cybersecurity by way of third-party audits of contractor information systems regarding NIST SP 800-171 compliance.  Defense contractors are obligated to implement the NIST SP 800-171 controls to protect covered defense information in DoD...

June 23, 2019

The Department of Defense (DoD) will likely publish a draft Cybersecurity Maturity Model Certification (CMMC) standard sometime this summer (see here and here). While much focus has been on how the CMMC will help shore up defense industrial base (DIB) cybersecurity—i.e., as the enforcement mechanism for DFARS 7012/NIST SP 800-171 compliance via third-party audits––DoD also must address the process of how agency personnel will select the CMMC “go/no-go” threshold for set-aside procureme...

Please reload

About GovConJudicata

Welcome to GovConJudicata an informational blog/website focusing on government contracts issues, including bid protests (e.g., GAO, COFC), claims, disputes, SBA matters, compliance, regulatory, and cyber (e.g., DFARS, NIST SP 800-171, CMMC).

GovConJudicata is published by Joshua Duvall, managing partner at Matross Edwards, a law firm providing government contracts and cybersecurity legal services to small and mid-sized businesses.

Contact Matross Edwards
Search By Tags
Please reload

Connect
  • LinkedIn
  • Twitter
  • Podcast
  • Spotify
  • TuneIn
  • Apple

Copyright © 2020 Joshua B. Duvall. All rights reserved.

GovConJudicata™ #govconjudicata

CyberJudicata™ #cyberjudicata

LegalJudicata™ #legaljudicata