KTL Solutions recently hosted a webinar on Cybersecurity Maturity Model Certification (CMMC) Preparedness and welcomed esteemed guest Richard Wakeman of Microsoft. Richard is the Senior Director of Aerospace & Defense and Azure Global Engineering. During the webinar we covered topics such as CMMC-AB Town Hall News, Microsoft Offers, and GCC versus GCC High, to name a few. We also discussed some of the items coming down the pipe from the DOD, including current instructions for the 5000.90 guide for Project Managers, the status of the DCMA’s DIBCAC assessments of C3PAOs, and important updates from the CMMC-AB March Town Hall.
One item of note involves achieving compliance with NIST 800-171 requirements and not waiting until the last minute to prepare for a CMMC assessment. This cannot be stressed enough. Currently, DOD Project Managers (PMs) simply validate a score in the Supplier Performance Risk System (SPRS) prior to a contract award. However, it is only a matter of time before PMs will be instructed to give preference to higher scores. With that said, it is vitally important to get your NIST 800-171 requirements in place as you work towards becoming compliant with CMMC.
Considerations: Regulations and Costs
Now that GCC is FedRAMP High and will support DFARS 252.204-7012 flow-downs, the Defense Industrial Base (DIB) has options on which cloud offering works best depending on what Controlled Unclassified Information (CUI) they utilize. Does that mean a contractor can choose either GCC or GCC High? The answer is that it depends. If your work falls under International Traffic in Arms Regulations (ITAR) or Export Administration Regulations (EAR), then GCC High is the only option. Besides regulatory considerations, a contractor must make smart business decisions as well. Weigh the cost between GCC and GCC High and think long term. Choose wisely; a decision to start in GCC could become more costly if you must later migrate to a different sovereign cloud, incurring additional expenses and losing valuable time during migration.
Expert Guidance: Microsoft and KTL Solutions
Microsoft provides excellent resources to assist in your compliance efforts. This includes tools like:
Contact KTL for a free 1-hour consultation to kickstart your journey towards CMMC Preparedness. KTL Solutions is a Microsoft Gold Partner and an authorized CMMC-RPO with CMMC-RPs on staff to guide you.