“Deliver Uncompromised:” DoD CMMC, NIST SP 800-171 and the new FASC

The recently released DoDD 5000.01 (“The Defense Acquisition System”) recognizes that Security, cybersecurity, and protection of critical technologies at all phases of acquisition are the foundation for uncompromised delivery and sustainment of warfighting capability.” This was the core thesis of the August 2018 MITRE “Deliver Uncompromised” Report. The speakers will review what has been accomplished, what is underway and what lies ahead in DoD efforts to act on the “DU Report recommendations. CMMC is a key starting point. If adversaries can penetrate contractor networks and steal sensitive unclassified information from the DIB, defense systems can be compromised even before delivery or at any time in their lifecycle. On the horizon for CMMC are other objectives. The new Federal Acquisition Security Council (FASC) Interim Final Rule points to coordinated activity by DoD and other federal agencies to address foreign source threats and take on the challenge of supply chain security, including hardware and software assurance.