With the Department of Defense’s (DoD) new security regulations around the corner, it is imperative for government contractors to stay up to date with how the guidelines and expectations have shifted from NIST SP 800-171 and NIST SP 800-53 to Cybersecurity Maturity Model Certification (CMMC).

As the threat landscape continues to evolve, systems used by the U.S. government, become increasingly popular and attractive targets for cyber attacks (due to the sensitive and critical nature of the information they store), organizations have been forced to take the steps needed to protect the integrity of their systems and the data within them.

The new CMMC will require all contractors that work directly or indirectly on DoD contracts to be certified. By meeting CMMC guidelines, it will prove the company’s IT systems are capable of protecting DOD-sensitive information and will help companies gain a competitive advantage.

The regulation will build upon existing frameworks from NIST. CMMC outlines a 5-tier certification model for government contractors to ensure they establish the controls needed to protect sensitive data including Federal Contract Information and Controlled Unclassified Information (CUI).

The 5 certification tiers in CMMC range from basic controls, likely appropriate for smaller subcontractors, to highly sophisticated, state-of-the-art controls, likely appropriate only for the largest, strategic contractors.

Level 1 indicates a contractor has basic cyber hygiene and can safeguard FCI, level 3 indicates a contractor has good cyber hygiene and is capable of protecting CUI in compliance with NIST SP 800-171 pursuant to the existing DFARS 252.204-7012.

For companies to attain a level 4 and 5 certification will require that are not only protecting CUI, but also reducing the risk of ATPs. CMMC will draw upon NIST’s new SP 800-171B’s enhanced cybersecurity requirements, which are intended for critical programs and high-value assets.

Regardless of the certification level, all government contractors and subs with access to sensitive data must be certified, with CMMC, there is no self-certification.

Full implementation of CMMC has been projected to take several years because it will not apply to contractors retroactively. The DoD has suggested it may be 2026 before CMMC is incorporated into all DoD contracts as many recently issued contracts will come up for renewal or recompetition. Going forward, the CMMC model will be updated at least annually to keep up with changing threat environments and technological capabilities.

Potomac Officers Club will host its CMMC Forum 2020 on April 2. Click here to register for the event.

Katie Arrington, chief information security officer at the Office of the Assistant Secretary of Defense for Acquisition and a 2020 Wash100 Award recipient, will serve as a keynote speaker at the CMMC Forum 2020. She will address the CMMC’s timeline, how the certification process could change and will provide a memorandum of understanding with a newly established CMMC accrediting body.

A full expert panel will include Ty Schieber, senior director of executive education and CMMC-AB chairman of the University of Virginia and Richard Naylor of the Defense Counterintelligence and Security Agency (DCSA) among other members of the federal sector and industry.

Register here to join Potomac Officers Club for its CMMC Forum 2020 on April 2nd to learn about the impact DoD’s CMMC will have on cybersecurity practices, supply chain security and other aspects of the federal market.

Raytheon, the National Radio Astronomy Observatory (NRAO) and the Green Bank Observatory (GBO) have entered into a cooperative research and development agreement to detect and characterize near-earth asteroids large enough to cause significant damage, the company announced on Tuesday.

The NRAO and the GBO are facilities of the National Science Foundation, operated under cooperative agreement by Associated Universities, Inc.

"Very energetic dusty asteroids…don't reflect sunlight very well, and that makes them incredibly difficult, if not impossible to detect in our solar system…We're collaborating with the NRAO to combine radio astronomy and radar techniques to bring new capabilities to the astronomical community to solve problems like this," said Art Morrish, vice president of Raytheon Advanced Concepts and Technologies.

The collaborative agreement will provide new technologies to expedite the detection process. Raytheon will help integrate a radar transmitter into the Green Bank Telescope (GBT) and use the National Science Foundation's Very Long Baseline Array (VLBA) as a receiver to support a detailed radar image. 

The GBT and the VLBA will each point at the same celestial body and conduct radar experiments. The new approach will increase the probability of detection and characterization of objects out to the orbit of Jupiter and beyond.

Currently, objects around Mars have been difficult for scientists to detect. Jupiter is over 360 million miles further from Mars. With the partnership, research and technology collaborations will allow deep space exploration will continue to benefit knowledge of space and human’s ability to make discoveries within it. 

"Using the radio astronomy facilities of the National Science Foundation in these new research areas is incredibly exciting," said Tony Beasley, director of the National Radio Astronomy Observatory and Associated Universities Inc. and vice president for Radio Astronomy Operations. 

About Raytheon

Raytheon Company (NYSE:RTN), with 2019 sales of $29 billion and 70,000 employees, is a technology and innovation leader specializing in defense, civil government and cybersecurity solutions. With a history of innovation spanning 98 years, Raytheon provides state-of-the-art electronics, mission systems integration, C5I® products and services, sensing, effects, and mission support for customers in more than 80 countries.