Section 1648 of the NDAA for FY 2020 (Pub. L. 116-92)
required that the Department of Defense (DoD) develop a consistent,
comprehensive framework to enhance the cybersecurity of the United States
Defense Industrial Base (DIB). DFARS
Case 2019-D041; Strategic Assessment and Certification Cyber Security
Requirements implements a DoD assessment Methodology and Cybersecurity Maturity
Model Certification (CMMC) framework in order to assess contractor
implementation of cybersecurity requirements and enhance the protection of
unclassified information within the DoD supply chain. The theft of intellectual property and
sensitive information from all U.S. industrial sectors due to malicious cyber
activity threatens U.S. economic and national security. The aggregate loss of
intellectual property and certain unclassified information from the DoD supply
chain can undercut U.S. technical advantages and innovation, as well as
significantly increase risk to national security. The DoD Assessment Methodology and the CMMC
Framework is expected to enhance the protection of FCI and CUI within the DIB
sector.
This training session provides an overview of CMMC and
the NIST SP 800-171 DoD Assessment Methodology as it relates to DFARS Clause
252.204-7012.