Scroll Top

Pentagon Unveils CMMC 2.0

TAKE NOTE (Insights and Emerging Technology)

The CMMC 2.0 program is an effort to prod the defense industrial base to better protect its networks and controlled unclassified information against cyberattacks and theft by competitors such as China. The original CMMC cybersecurity standards were first unveiled in 2020 during the Trump administration. They included five different security levels that companies would have to achieve depending on the work they would be doing for the department for specific contracts.

The requirements were to be rolled out over time. By 2026, all Pentagon contracts were expected to include CMMC requirements. The rules would have affected more than 300,000 contractors in the vast defense industrial base.

However, after receiving pushback from companies that were concerned about the burdens and cost of implementation of CMMC, the Defense Department launched an internal review of the program earlier this year.

“As is done in the early stages of many programs, the DoD is reviewing the current approach to CMMC to ensure that it is achieving stated goals as effectively as possible while not creating barriers to participation in the DoD acquisition process,” Pentagon spokesperson Jessica Maxwell said in a statement. “This assessment will be used to identify potential improvements to the implementation of the program.”

The internal assessment included senior leaders from 18 components across the department and was co-chaired by Mieke Eoyang, deputy assistant secretary of defense for cyber policy; David Frederick, executive director of U.S. Cyber Command; David McKeown, deputy chief information officer for cybersecurity; and Jesse Salazar, deputy assistant secretary of defense for industrial policy.

On Nov. 4, with the internal assessment completed, the Pentagon announced its plans for “CMMC 2.0.”

“CMMC 2.0 will dramatically strengthen the cybersecurity of the defense industrial base,” Salazar said in a press release. “By establishing a more collaborative relationship with industry, these updates will support businesses in adopting the practices they need to thwart cyber threats while minimizing barriers to compliance with DoD requirements.”

CMMC 2.0 maintains the program’s original goal of safeguarding sensitive information, but includes changes that are intended to simplify the standards, minimize barriers to compliance, provide additional clarity on regulatory, policy and contracting requirements, increase department oversight of “professional and ethical standards in the assessment ecosystem,” and improve the overall ease of execution, according to the release.

The CMMC 2.0 changes will be implemented after the completion of the rulemaking process for the Code of Federal Regulations and the Defense Federal Acquisition Regulation Supplement, following a public comment period.

While the rulemaking is ongoing, the Pentagon plans to suspend its CMMC pilot efforts and will not include CMMC requirements in any contracts until the rulemaking efforts are completed, an effort which could take nine to 24 months, according to the Defense Department.

Read More

Interested in learning more about RPA? Download our FREE White Paper on “Embracing the Future of Work”

UNDER DEVELOPMENT (Insights for Developers)

SAP OData Explained

Intro

If you plan to expose your SAP Data (Table or Query Data) to external environment like UI5/Fiori or HANA, then you need to push your data in a form of API. By API we mean, using OData. OData will generate a service link that can be accessed via internet and can be used to perform CRUD operations. SAP OData in SAP ABAP environment is just like another ABAP Class. We can access the methods of this class using SEGW transaction. We can write our required code here for the data manipulation and once we activate the class, the service link that we generate will act accordingly.

The world is awash with vast amounts of data, and more is being created daily. The main issue is how clients will access this data on their mobile apps, web browsers, and business intelligence tools. Every data source will define its approach to exposing data. Though the different approaches might work, it means that each client would need a unique code to access data from its source, and data creators would need to detail the specific approaches for exposing their data.

SAP Open Data Protocol (OData) is a means of sharing data. It is a protocol and an abstract data model that allows clients to access information exposed by all data sources.

Definition of OData

SAP OData is a standard Web protocol used for querying and updating data present in SAP using ABAP, applying and building on Web technologies such as HTTP to provide access to information from a variety of external applications, platforms and devices.

In SAP, we use SEGW transaction code to create an OData Service. SEGW stands for Service Gateway.

Architecture of OData

OData Architecture

Parts of OData Architecture

Below are the four main elements that constitute the OData architecture.

  • The OData model: Represents the data fed from different sources in a single format using EDM {Entity Data Model}.
  • The OData Service: Is a service layer on the OData Model. It exposes the endpoint allowing a client access to data using the Odata Client Library and OData Protocol. It also converts data source formats like tables into standard formats that clients can use.
  • OData Protocol: It helps clients get responses and make requests from the OData Service. It is a series of RESTful interactions that transfers data in the forms of JSON or XML.
  • OData Client Libraries that client applications use to access data via OData Protocol. They provide ready libraries that ease the making of OData requests and accessing results, something that will simplify the work of application developers. Some of the OData Client Libraries that provide data access include Microsoft.NET Framework 3.51. JavaScript and Java.

In terms of SAP, OData is an open standard interface that all software, devices, programs, and applications from the non-SAP world can use to connect with SAP solutions. Through HTTP, users of OData can manipulate an XML document. This means you can construct, modify, write or read the document. Since OData is HTTP-based, all programming languages with HTTP stacks can be used to consume OData services. With OData, web developers can build cross-platform mobile and Web applications. The solution also allows organizations to develop services with high levels of cross-platform interoperability and data integration. This is crucial in the complex sphere that defines modern businesses.

OData has its entire query language directly in the URL. This means when you change the URL, the data sent by an OData feed also changes. As such, you can control the parts of your content that users have access to because you can get back data sent to a consumer.

OData is sometimes called ODBC (Open Database Connectivity) for the web. ODBC is a common API used to access a database management system. To achieve this, ODBC adds drivers between the database system and application layer to translate a user’s query into a language that databases can understand. In so doing, it becomes the middleware between databases and application layers. Likewise, OData is much like middleware between consumers and producers of data, that’s why people call it the ODBC of the web.

OData and the SAP Gateway

One of the leading products of SAP that rely on OData is the Netweaver Gateway. SAP Netweaver Gateway, also called SAP Gateway, is a technology that allows businesses to connect their devices, environments, and platforms to the SAP solution in which they have invested. With the product, you can access everything you need to help you seamlessly integrate with your SAP system, application, or data…

Read More

– Dig Deeper –
Create a RESTful API Using OData

Q&A (Post your questions and get the answers you need)

Q. What is the difference between extension ledger and non-leading ledger?

A. In short all postings to Non-Leading Ledgers create entries in table ACDOCA. However, with Extension Ledger, the postings in the underlying Ledger are inherited by the Extension Ledger. Thus, redundant data is eliminated from the system. But lets dig a little deeper…

Extension Ledger is a functionality that enables users to create a layer on the top of an underlying ledger. So, all postings from the underlying ledger will also apply to this extension ledger.

Records created in the leading Ledger in ACDOCA are not copied into Extension Ledgers in table ACDOCA. The system implicitly assumes that records written for Leading Ledger are part of Extension Ledger.The ACDOCA is an addon in SAP HANA which is based on the Universal Journal line items, containing all of the financial fields, as well as a lot of information from other modules.

Below is a screenshot of what an ACDOCA table looks like –

In this table, 0L stands for the primary ledger, XL for extension ledger and 2L for secondary ledger..

The current approach followed by SAP is the Ledger approach (also known as the General Ledger i.e. G/L). Prior to that, an Accounts approach was used to accommodate multiple books of accounts. This resulted in an increase in the G/L list and therefore it was not a good option in the longer run.

With SAP ERP (New G/L accounting) the concepts of Leading and Non-Leading Ledgers were conceived. Several Ledgers could now be used in parallel. The Leading Ledger must be used compulsorily whereas the usage of Non-Leading Ledgers is at the discretion of the business.

SAP S/4HANA Finance brought to the fore the concept of Extension Ledgers. It helps you to save space in the database. The duplication of journal entries can be avoided in case many business transactions are valid for the Extension Ledger and for the Secondary Ledger, which is pre-existing as a part of the SAP General Ledger. Also, the Ledgers can be validated for a given time duration and can be deactivated if you don’t require them for all the fiscal years.

Lets look at a simple example…

If we want to post into closed periods for the purpose of restatements, an Extension Ledger #1 can be created. Another Extension Ledger #2 can be used while making adjustments in data consolidation.

SAP solutions provide tools to post and view data using different views. With Extension Ledger, the amount of overlapping and redundant data can be kept in check.

Cheers!

Pin It on Pinterest

Share This

If you enjoyed this post, why not share it with your friends!