Information Security News mailing list archives
A Practical Guide to Next Steps of the Pentagon's Vendor Cyber Certification Program
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 6 Dec 2019 08:44:50 +0000 (UTC)
https://www.nextgov.com/ideas/2019/12/practical-guide-next-steps-pentagons-vendor-cyber-certification-program/161700/

By Bret C. Cohen
CEO, Tier 1 Cyber
December 5, 2019

With the release of the Defense Department’s Cybersecurity Maturity Model Certification 0.6, there are new guidelines that will require defense contractors to act now to prepare. Instead of a technical summary of the 90-page guidance, here are the steps businesses can take today to be ready for January 2020.

First, Time is of the Essence

The department identified cybersecurity weaknesses in the supply chain as a threat to the economy and national intelligence. In response, the department is implementing a process whereby all 300,000-plus defense contractors—large and small, primes and subs—are required to be CMMC certified in order to bid on new contracts. The Pentagon has confirmed that cybersecurity is the fourth evaluation criterion for all new contracts.

The CMMC model has five defined levels of cybersecurity preparedness ranging from basic cybersecurity hygiene to proactive and advanced levels. The certification must be performed by a third party and it is partially reimbursable. Contractors will no longer be able to self-certify.

Time is of the essence, as the final rule is anticipated in January 2020 with a June 2020 effective date. However, since CMMC requires both technical practices and process maturity, the sooner contractors improve their cybersecurity preparedness the better.

[...]
-- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_