CMMC Accreditation Body Seeks Continuous Monitoring of Certified Companies

The Cybersecurity Maturity Model Certification (CMMC) accreditation body is planning to enlist an independent “partner” that will continue evaluating CMMC-authorized contractors that are required to renew their certifications every three years, Nextgov reported Thursday.

Chris Golden, a member of the board for CMMC-AB, said at a SecurityScorecard webinar that the accreditation body is looking into deploying a monitoring tool that utilizes data in the public domain to ensure continuous monitoring of certified companies.

“That’s a snapshot in time, there’s a whole bunch of things that can happen in that three-year period,” he noted.

Robert Knake, a senior fellow for cyber policy at the Council on Foreign Relations, said that most CMMC and Federal Risk and Authorization Management Program (FedRAMP) elements can be measured on an automated and continuous basis.

He added that the CMMC program would mostly benefit from tools such as SecurityScorecard's product that can collect internal data on a company’s cybersecurity posture and report it to stakeholders.

“I think we probably won’t see a sensor moving inside the network, I think we probably will see some form of data collector moving inside the network and bringing data out that can tell you where you are and can tell DoD where you are, or other regulators or other third parties,” said Knake.
