The Department of Homeland Security's (DHS) Cyber and Infrastructure Security Agency (CISA) has issued a Shields Up Advisory amid growing geopolitical tensions surrounding Russia and Ukraine. In addition to the recent tensions, CISA and the Federal Bureau of Investigation (FBI) have observed regular targeting of U.S. cleared defense contractors (CDCs) by Russian-state sponsored cyber actors from January 2020 to February 2022.

CMMC 2.0 is here—the Department of Defense (DoD) announced the revamped version of the Cybersecurity Maturity Model Certification (CMMC) on November 4, 2021. CMMC, a cybersecurity compliance program for defense contractors, is intended to verify that contractors are taking the appropriate cybersecurity practices and measures. Contractors in the Defense Industrial Base (DIB) have been following CMMC closely as it’s slowly being phased into notices, requirements, and solicitations.

We live in the digital era and as we have seen with the pandemic, more and more aspects of life are becoming digitized. This does not exclude our federal entities, so it’s imperative that our federal government is protected from the threats that come with the digital age. As a result, GSA created a HACS (Highly Adaptive Cybersecurity Services) SIN which is dedicated to preventing leaks and cyberattacks. Before an entity can obtain a HACS SIN, they must show that they are qualified to provide thorough and extensive cybersecurity. A main part of the qualification for the HACS SIN is determined by an Assessment Evaluation and Standardization (AES) High Value Asset (HVA) assessment. Let’s dive into the HVA assessment and what it entails.

If you are a government contractor serving the Department of Defense (DoD), then you are part of an elite group of organizations that make up the Defense Industrial Base (DIB). The Cybersecurity and Infrastructure Security Agency (CISA) estimates the DIB to be made up of more than “100,000 companies and subcontractors working under contract for the Department of Defense at any given time.” As part of the DIB, you are subject to the Cybersecurity Maturity Model Certification, or better known as CMMC. CMMC is a set of cybersecurity standards created to ensure the DIB and other relevant government contractors are properly protecting sensitive unclassified information.

If you are an Information Technology (IT) firm entering into the federal government marketplace, you will be introduced to a whole new world of terms that you were previously unfamiliar with. After taking advantage of some open market contracting opportunities, you may be encouraged by one of your Contracting Officers to get on a GWAC.

Since the Cybersecurity Maturity Model Certification (CMMC) was first announced in 2020, it has undergone several changes. As the Department of Defense (DoD) and other government agencies look to deploy CMMC within government contracting, they will continue to adapt the verification method so it’s more effective.