This is session 2 of 4 in the Fundamentals of Cybersecurity and Regulatory Updates Series.
In this session, Cara Wulf and Philip Lee explore the presence of existing Department of Defense cybersecurity assessment requirements, including DFARS 252.204-7019, DFARS 252.204-7020, and the development and pending arrival of the Cybersecurity Maturity Model Certification (CMMC). They provide a detailed examination of the NIST 800-171 assessment methodology required by -7019 and -7020, and highlight some of the key challenges contractors are likely to face as they implement these requirements. They also provide insight as to the future of CMMC and how contractors can best prepare for the coming obligations.