CMMC Accreditation Body Seeks Continuous Monitoring of Certified Companies

The Cybersecurity Maturity Model Certification (CMMC) accreditation body is planning to enlist an independent “partner” that will continue evaluating CMMC-authorized contractors that are required to renew their certifications every three years, Nextgov reported Thursday.

Chris Golden, a member of the board for CMMC-AB, said at a SecurityScorecard webinar that the accreditation body is looking into deploying a monitoring tool that utilizes data in the public domain to ensure continuous monitoring of certified companies.

“That’s a snapshot in time, there’s a whole bunch of things that can happen in that three-year period,” he noted.

Robert Knake, a senior fellow for cyber policy at the Council on Foreign Relations, said that most CMMC and Federal Risk and Authorization Management Program (FedRAMP) elements can be measured on an automated and continuous basis.

He added that the CMMC program would mostly benefit from tools such as SecurityScorecard's product that can collect internal data on a company’s cybersecurity posture and report it to stakeholders.

“I think we probably won’t see a sensor moving inside the network, I think we probably will see some form of data collector moving inside the network and bringing data out that can tell you where you are and can tell DoD where you are, or other regulators or other third parties,” said Knake.
