Washington DC | March 30, 2021 08:00 AM Eastern Daylight Time
The Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE), hosted by the Information Technology Acquisition Advisory Council (IT-AAC), a public-private partnership serving the public and private sectors for more than 15 years, is excited to announce a partnership with Ordr, an industry leader in continuous discovery, device asset inventory visibility and security of all connected devices, including unmanaged IoT, IoMT, and OT devices. This unique partnership will extend efforts by providing complete device asset inventory discovery for compliance within the CMMC COE Marketplace to improve cybersecurity protection and resilience for the global defense industrial base network of contractors, vendors, and suppliers.
“We are excited to embark on this journey with Ordr”, said John Weiler, Chairman of the Board at CMMC Center of Excellence, “The foundation of CMMC starts with visibility into devices in the network and the risks they bring. This new partnership will further help advance the goals and objectives for improving the supply chain security and resilience for the US Department of Defense (DoD)”.
Ordr provides a purpose-built platform for asset inventory and security. It discovers and secures all connected devices — from traditional servers, workstations and PCs to IoT, IoMT and OT devices. Using agentless and passive methods of data collection, connected devices can be automatically discovered and classified. Devices with vulnerabilities, weak ciphers/certificates or are subject to recall are identified. Ordr’s machine learning engine also maps and baselines device communication patterns to establish “Flow Genomes”. Ordr can then alert on anomalous behavior and dynamically generate micro-segmentation policies to allow devices only appropriate access.
“The Ordr team is thrilled to be joining the pioneering organizations and innovators that make up the CMMC COE,” said Greg Murphy, Chief Executive Officer at Ordr. “We are working with DIB contractors, vendors, and the supplier community to enable them to meet CMMC regulations quickly and efficiently. Being a part of the CMMC COE accelerates that effort.”
The executed Engagement Agreement establishes a collaborative engagement between Ordr and the CMMC COE to partner in the furthering of their respective and complementary missions and objectives regarding the adoption, use, and expansion of CMMC based cybersecurity practices, risk management, and compliance for the DIB contractor, vendor, and supplier community of providers creating a broader CMMC ecosystem globally to improve security and resilience.
Specific actions will include:
- The co-development of CMMC advisory services, cyber training and education programs to accelerate CMMC certification, increase cyber adoption and improve cyber protection & resilience.
- Co-sponsor symposiums, training programs and podcasts leveraging their combined cyber and IT expertise.
- Host regular working groups, with other partners, to enable collaboration and communications.
- Establish an independent Industry Cyber Security Advisory Council with peer organizations to advise and educate leaders across government and industry on the continued evolution and effectiveness of CMMC.
The CMMC-COE (http://cmmc-coe.org) and Ordr partnership will focus on bringing together the many disparate cyber and national security communities of interest to reduce complexity, improve awareness, and accelerate industry effort to become more cyber resilient against the growing threats from nation states and criminal enterprises.
The CMMC-COE establishes both a Market Place and Knowledge Clearinghouse that will include resources that support the overall effort, including white papers; tutorials; recorded webcasts; presentations; and more that will help reduce the cost and burden on small and medium size contractors already struggling from the impact of COVID.
Executive Director, IT-AAC
Chairman, CMMC COE
Monica Wallace for Ordr
CMMC-COE.ORG is a unique non-profit public-private partnership, with a vision to accelerate Cybersecurity Maturity Model (CMM) adoption, and reduce time & cost for security compliance for our partners by leveraging commercial best practices, CMMC standards, and innovative solutions for a measurable success. Our mission, focused on DOD mission objectives, cost containment and expeditious CMMC compliance, is to help the DIB improve cyber posture and resilience, and simplify its acquisition.
The CMMC-COE is hosted by the Information Technology Acquisition Advisory Council (IT-AAC), a public/private partnership (P3) chartered in 2007 as an honest broker to reach outside the confines of the Federal IT advisories that lack dynamic reach into the Global IT Market, and dedicated to the adoption of commercial IT management standards of practice and innovations emanating from the Global IT market. Team IT-AAC has already demonstrated the value of its decade long investment, and provides a unique value to agencies seeking to achieve accelerate the transformation of legacy processes and systems. Our Just-in-Time SMEs apply an innovative suite of Technology Business Management and Agile Acquisition Processes needed to assure the business value of commercial IT.
The Interoperability Clearinghouse (ICH), is the managing partner that make up the 24 NGO/SDO organizations that make up the IT-AAC. ICH provides the contract vehicles, clearances, and critical resources proven to guide sustainable, measurable and repeatable processes needed to drive better investment decisions as the speed of mission need, while aligning existing processes, methods and workforce with IT reform mandates contained in Clinger Cohen Act, FITARA, IT MGT Act, EO13838.
Digital transformation has led to the inevitable explosive increase of connected devices. The scale and diversity of these devices, and the capacity for network connectivity introduces risks. Every single device is a potential attack vector and must be secured.
Ordr delivers visibility and security of all connected devices — from traditional servers, workstations and PCs to IoT, IoMT and OT devices. Ordr discovers what devices are in the network, profiles device behavior and risks, and then automates appropriate action.