Cybersecurity Requirements for US Defense Contracts Expected in 2020

The US Department of Defense (DoD) is planning to protect its supply chain from threat actors by introducing a cybersecurity certification program for its contractors. 

Undersecretary of defense for acquisition and sustainment, Ellen Lord, said the new cybersecurity maturity model certification program will play a vital role in ensuring that the companies seeking to win DoD contracts meet stringent cybersecurity requirements.

"The cybersecurity maturity model certification, or CMMC program, establishes security as the foundation to acquisition and combines the various cybersecurity standards into one unified standard to secure the DoD supply chain," said Lord.

The certification program is expected to be up and running in June 2020, with cybersecurity requirements included as part of new requests for information. These requests typically form part of the opening stage of awarding a new defense contract.

Under the program, five different levels of certification will be established that correspond to the importance of a particular system or subsystem which a contractor is bidding to work on. 

"These levels will measure technical capabilities and process maturity," Lord said. 

The framework for the CMMC program, which will be made fully available in January, was developed in partnership with the defense industry and leadership on Capitol Hill. It was also shaped in part through engagement with the public.

Behind the program is the logical concept that any business applying to do contract work for the US government should be required to demonstrate that they have taken reasonable steps to secure the computer networks from cyber-attacks. Ensuring that the c ..

Support the originator by clicking the read the rest link below.