CISA’s Coming Supply Chain Guidance to Align with Pentagon’s Vendor Certification Program 


A Cybersecurity and Infrastructure Security Agency task force will release supply chain guidance that incorporates aspects of the Pentagon’s Cybersecurity Maturity Model Certification program, a CISA official said. 


The Defense Department’s CMMC will require that vendors meet specific cybersecurity requirements and get certified by a third-party auditor before working with the department. As Defense officials continue to hammer out the details of the new program, they have been collaborating with CISA’s Information and Communications Technology Supply Chain Risk Management Task Force.


Continued collaboration with the CMMC program will be important, Robert Kolasky, director of CISA’s National Risk Management Center and government co-chair of the public-private task force, said, “to make sure that we suck in the way that questions are being asked of the defense industrial base and translate that into other markets in a similar way.”


Unlike CMMC, CISA’s “supply chain essentials” guidance will be voluntary for federal agencies and private sector entities within the 16 critical infrastructure sectors under CISA’s remit. The industries that control energy, water, finance and other essential functions all increasingly rely on information and communications technology. Kolasky, however, offered enthusiastic support for the DOD program.


He joined Katie Arrington, chief information security officer for DOD’s acquisitions office, Ty Schieber, chairman of the board of the CMMC accreditation body, and others during a virtual symposium AFCEA hosted on the issue today.       


“I applaud Katie and her team for championing CMMC, something I truly think has the potential to be a watershed rising tide that lifts all boats with trust and assurance in the digital world,” Kolasky said. “The companies that will go through the CMMC process also do business with the civilian govern ..
