CMMC, NIST, CUI, & DFARS News and Analysis for March 2023



In this episode, Jacob and Jason discuss their takeaways from the Cyber AB Town Hall, CS2 Huntsville, and other topics from March 2023, including recent #DoD testimony before Congress and #DIBCAC perspectives on Multifactor Authentication and #FIPS-validated encryption. This month we were joined by our first-ever podcast guest: DefCERT founder and CEO Ryan Bonner, who helps tackle a few complicated #CUI questions submitted during the Town Hall.

Episode Links:

DefCERT: https://defcert.com/

Ryan Bonner: https://www.linkedin.com/in/rybonner/

March AB Town Hall: https://cyberab.org/News-Events/Town-Halls/Details/march-2023-town-hall

Upcoming Natty Stratty Implementation Plan: https://federalnewsnetwork.com/cybersecurity/2023/03/white-house-aims-to-issue-cyber-strategy-implementation-plan-by-june/

DoDI 5230.24 (PDF): https://www.esd.whs.mil/portals/54/documents/dd/issuances/dodi/523024p.pdf

CUI Registry CTI: https://www.archives.gov/cui/registry/category-detail/controlled-technical-info.html

DFARS 252.204-7012: https://www.acq.osd.mil/dpap/dars/dfars/html/current/252204.htm#252.204-7012

DFARS Rights in Technical Data: https://www.acq.osd.mil/dpap/dars/dfars/html/current/227_71.htm

CMMC Scoping Guide: https://dodcio.defense.gov/CMMC/Documentation/

DI MGMT 82247: https://www.acq.osd.mil/asda/dpc/cp/cyber/docs/safeguarding/Assess-Compliance-and-Enhance-Protection-of-Contractor-System-with-Attachments-11-6-2018.pdf

CMMC Rulemaking Overview: https://youtu.be/in69ORYRx4Y

32 CFR: https://www.ecfr.gov/current/title-32

48 CFR: https://www.ecfr.gov/current/title-48

Draft CAP (PDF): https://cyberab.org/Portals/0/Documents/Process-Documents/CMMC-Assessment-Process-CAP-v1.0.pdf

GAO Report: https://www.gao.gov/products/gao-23-105510

CMMC Scaling vs DIBCAC: https://www.federalregister.gov/d/2020-21123/p-49

CMMC Assessment Guide: https://dodcio.defense.gov/CMMC/Documentation/

NIST SP 800-171A: https://www.nist.gov/news-events/news/2018/06/nist-publishing-special-publication-sp-800-171a-assessing-security

SPRS Rule: https://www.federalregister.gov/documents/2023/03/22/2023-05671/defense-federal-acquisition-regulation-supplement-use-of-supplier-performance-risk-system-sprs

Bob Metzger's Take on SPRS Rule: https://www.linkedin.com/posts/robertmetzger_sprs-evaluation-criteria-manual-activity-7046888772768067584-7bHW

Jacob's CS2 Session: https://youtu.be/hipUN_4rfOs

Stacy's CS2 Session: https://youtu.be/ZvBvzZkwmZg

DoD Testimony 1: https://www.armed-services.senate.gov/hearings/to-receive-testimony-on-enterprise-cybersecurity-to-protect-the-department-of-defense-information-networks

DoD Testimony 2: https://armedservices.house.gov/hearings/cyber-information-technologies-and-innovation-subcommittee-hearing-defense-digital-era

Amira Armond: https://www.linkedin.com/in/amira-armond-25a77a141/