Bob Metzger Brings Clarity to CMMC Confusion | Exostar Interview
Why the Cybersecurity Maturity Model Certification (CMMC) is important
The United States Defense Industrial Base (DIB) faces increasing cybersecurity challenges, given the highly sensitive nature of the information that it handles and the frequency, complexity, and evolution of the cyber threats designed to gain access to that information and threaten national security.
The recently published 2023 Threat Assessment of the U.S. Intelligence Community advises that “China probably currently represents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private-sector networks.” The FBI asserts that China “is seeking to become the world’s greatest superpower through predatory lending and business practices, systematic theft of intellectual property, and brazen cyber intrusions.” China, Russia, and other threats, including ransomware criminals, pose a present and serious danger to the integrity of every business and to the confidentiality of information they possess and use.
For more than five years, DoD has required its contractors to comply with the “Safeguarding” cybersecurity requirements of DFARS 252.204-7012. The Cybersecurity Maturity Model Certification (CMMC) framework builds on the existing cybersecurity requirements and, when the new regulations are finalized, will require businesses to pass external compliance assessments and meet stringent cybersecurity compliance standards as a condition to bid on Department of Defense (DoD) contracts.
Today, while the rulemaking proceeds, thousands of DIB companies are subject to cybersecurity requirements and the DoD has increased its scrutiny of compliance against the existing standards. This has made cybersecurity hygiene and regulatory CMMC 2.0 compliance more important than ever for businesses in the defense sector. Non-compliance can be treated as a breach of contract, may foreclose new opportunities in the defense supply chain, and result in lost revenue, reputational damage, and even legal and financial exposure.
Bob Metzger, of Rogers Joseph O’Donnell, PC, is an expert and recognized leader for his work on DoD cyber and supply chain security measures. In this video series, Bob shares his insights into the cybersecurity challenges that businesses in the sector now face, what likely lies ahead, and the specific requirements for cybersecurity tied to forthcoming CMMC 2.0 compliance. Learn what businesses can do to be adequately protected and achieve compliance with the present DFARS and the CMMC framework, as efficiently and effectively as possible.
Check out the videos below or the full playlist answering the industry’s top questions about CMMC compliance.
Question 10: What “acts or omissions” might expose companies to the greatest compliance or legal risk?
Question 9: What are smart strategies to elevate and accelerate CMMC compliance while also reducing vulnerability to ransomware and other threats?
Question 8: What are the differences between the two? What are key concerns of industry and how might they be resolved?
Question 7: What is CMMC and how does it address the current shortcomings? When will it take effect?
Question 6: Is cyber incident reporting important and what’s involved?
Question 5: From DoD’s perspective, what’s missing from the current cybersecurity requirements?
Question 4: Are some companies in the defense industrial base (DIB) subject to greater or lesser cybersecurity requirements than others?
Question 3: What cybersecurity requirements are in place today and which companies are affected?
Question 2: What’s the difference between cybersecurity and compliance?
Question 1: Why do we need cybersecurity requirements for unclassified information?
Eager to learn more now? Connect with a CMMC expert at Exostar.