The Pentagon is Standing Up a Nonprofit to Assess Vendor Cybersecurity 

The Defense Department is looking to stand up a nonprofit organization to measure the strength of its contractors’ cybersecurity practices.


The group would be responsible for running the vendor accreditation process under the Pentagon’s new Cybersecurity Maturity Model Certification, or CMMC. The framework, which was released in draft form last month, will serve as a yardstick for determining if contractors are taking sufficient steps to protect the sensitive military data that resides on their networks.


The certification process is intended to push the Pentagon’s extensive network of vendors to strengthen their digital defenses, or at least adopt protections that are appropriate for the sensitivity of their work. The program comes as adversaries like China increasingly target defense contractors to steal military secrets.


“Preventing loss of [controlled unclassified information] within the defense industrial base is critical to maintaining national security,” Pentagon officials said in a request for information published last week. They estimate there are roughly 300,000 vendors in need of certifications, most of which are small- and medium-size businesses.


The CMMC Accreditation Body would operate the certification program and oversee the independent assessment groups, or C3PAOs, that will issue credentials to contractors, according to the RFI. Pentagon officials haven’t yet finalized the structure of the organization, and in the solicitation, they asked for outside feedback on its “long-term implementation, functioning, sustainment and growth.”


Responses are due Oct. 21.


Under the certification program, assessors wi ..
