Securing the Supply Chain in the Defense Industrial Base

All contractors who serve government and civil agencies should pay attention to how CMMC unfolds, as this model and the underlying NIST 800-171 controls are expected to move well beyond the Defense Industrial Base (DIB) in the next few years. As part of this, CMMC has ushered in a new realm of supply chain cybersecurity requirements.  The biggest challenge may not be implementing the safeguards in each organization that handles, stores or processes sensitive data – it might be the Security Protection Asset (SPA) vendors and service providers that come into scope for the cybersecurity assessment.  We explore the current scoping guidance from CMMC-AB and the Department of Defense as it pertains to the specific category of SPAs, how this scoping is expected to impact External Service Providers and Cloud Service Providers, and how their services impact your organizations security.