DOD Assessment Work on CMMC Reciprocity Continues; Stacy Bostjanick Quoted


The Department of Defense (DOD) is still assessing how to open up the Cybersecurity Maturity Model Certification (CMMC) initiative for reciprocity with the Federal Risk and Authorization Management Program (FedRAMP) and other certification programs as part of a push to help contractors save money as they comply with the new cyber standard, FCW reported Thursday.

Stacy Bostjanick, director of Cybersecurity Maturity Model Certification at DOD’s office of the under secretary for acquisition and sustainment, said a team is collaborating with DOD and the General Services Administration to align the methodologies, levels and requirements of FedRAMP and the CMMC program, which is expected to be included in all defense contracts by 2025.

Bostjanick said Wednesday during an AFCEA Nova event that DOD has finished its reciprocity review for the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) and carried out provisional audits.

She said a guidance memo for DIBCAC is awaiting signature, while guidance for FedRAMP could be issued by the end of fiscal year 2021.
