Information Security News mailing list archives

A Practical Guide to Next Steps of the Pentagon's Vendor Cyber Certification Program


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 6 Dec 2019 08:44:50 +0000 (UTC)

https://www.nextgov.com/ideas/2019/12/practical-guide-next-steps-pentagons-vendor-cyber-certification-program/161700/

By Bret C. Cohen
CEO, Tier 1 Cyber
December 5, 2019

With the release of the Defense Department’s Cybersecurity Maturity Model
Certification 0.6, there are new guidelines that will require defense
contractors to act now to prepare. Instead of a technical summary of the 90-page
guidance, here are the steps businesses can take today to be ready for January
2020.


First, Time is of the Essence

The department identified cybersecurity weaknesses in the supply chain as a
threat to the economy and national intelligence. In response, the department is
implementing a process whereby all 300,000-plus defense contractors—large and
small, primes and subs—are required to be CMMC certified in order to bid on new
contracts. The Pentagon has confirmed that cybersecurity is the fourth
evaluation criterion for all new contracts.

The CMMC model has five defined levels of cybersecurity preparedness ranging
from basic cybersecurity hygiene to proactive and advanced levels. The
certification must be performed by a third party and it is partially
reimbursable. Contractors will no longer be able to self-certify.

Time is of the essence, as the final rule is anticipated in January 2020 with a
June 2020 effective date. However, since CMMC requires both technical practices
and process maturity, the sooner contractors improve their cybersecurity
preparedness the better.

[...]