The OUSD (A&S) team and CMMC Accreditation Body hosted a virtual town hall meeting Jan. 26 to review CMMC and DFARS requirements and provide updates. Below, the Ardalyst team has provided a summary of the updated information released.
1. The DoD is initiating its CMMC pilot program for FY21.
- 7 initial pilot candidate contracts (3 Navy, 3 Air Force, 1 MDA) were announced 15 Dec, 3 more from the Army have been identified since. The table below lists the specific contract programs chosen and their associated service or agency.
- DoD will pilot enforcement of CMMC on those ten upcoming contracts, expected to be awarded in late 2021.
- All offerors for these contracts must be assessed and graded at CMMC Level 3 in order to win their bid.
- DoD still aiming to identify 5 more contracts for a total of 15 by the end of FY21.
- OUSD (A&S) is exploring opportunities to pursue pilots outside the DoD, though CMMC remains a DoD requirement only at this time.
- Only these pilot RFPs are approved to have the CMMC requirement in them. Until Oct. 1, 2025, CMMC requirements will only be included in new acquisitions with the approval of OUSD (A&S) – specifically, that approval responsibility is delegated to CISO Katie Arrington.
2. The notional timeline the DoD showed had organizations planning to bid on these pilot contracts preparing for CMMC starting in January (now) and obtaining certification in August. (Again, it’s notional, but supports the idea that this takes time and companies need to start sooner rather than later.)
3. Training Update:
- CP/CA applicants must take training with a CMMC-AB Licensed Training Provider (LTP). LTPs are currently being trained and licensed so training won’t be available until this spring.
- Updated RP training will be available soon. Anyone who has already paid for training previously will have access to it.
4. The CMMC-AB provided more insight into why the AB is working to adopt ISO/IEC 17001:2017 accreditation:
- Once accredited, they can accredit C3PAOs in both DoD requirements and ISO 17020 (the ISO standard for certification bodies).
- This will establish two distinct lines of business:
- The AB, responsible for vetting, licensing and accrediting, informal training, RPOs and RPs
- The CAICO (CMMC Assessors and Instructors Certification Organization), responsible for training and testing CAs and instructors
5. CMMC-AB announced new board of directors for this year:
- Chairman – Karlton Johnson
- Vice Chairman – Jeff Dalton
- Secretary – Sheryl Hanchar
- Treasurer – Yong-Gon Chon
- Case Studies
- Customer Updates
- Dynamics 365
- Dynamics Portals
- Executive Order
- Microsoft Dynamics
- Microsoft SQL Server
- Microsoft Teams
- Open Source
- Press Release
- Project Management
- Software Development
- Unified Service Desk
- What We've Done
- Women in Technology
- Zero Trust Architecture