DOD Cybersecurity Certification Body Moving Forward Despite Uncertain Funding

The first class of assessors being trained by a volunteer accreditation body established to implement the Defense Department’s Cybersecurity Maturity Model Certification program should start receiving approval within the coming week, but may not have access to continuous monitoring to conduct initial audits, as the organization struggles to fund its operations.


“We don’t have any external funds to pay for things that we needed, whether it was continuous monitoring, whether it was staff, whether it was insurance, all the normal business things we needed,” said Chris Golden, a member of the board of directors for the accreditation body, or AB. “We’ve been struggling spending a significant amount of our time trying to figure those things out versus figuring out what the ecosystem is going to look like and training people and getting assessments going and those kinds of things.” 


Golden spoke along with Robert Metzger, an attorney who co-authored the MITRE report “Deliver Uncompromised” and has been a member of the Defense Science Board, during an event Friday hosted by the cybersecurity ratings company BitSight. BitSight has submitted a response to the accreditation body’s request for proposal for a continuous monitoring solution, vice president of communications and government affairs Jake Olcott told Nextgov.   


Deliver Uncompromised was among the first venues where the current method of approving defense contractors’ security practices—taking the companies at their word—was deemed ineffective. In response, CMMC will require any defense contractor in possession of certain sensitive information to be audited by an independent third party.


Metzger has been a vocal critic of what he described as possible commercialization of the accredi ..
