DHS eyes plan to use self-assessments to evaluate contractor cybersecurity

The Department of Homeland Security is preparing a rule to ensure contractors are meeting cybersecurity requirements, with DHS touting a process for evaluating its vendor base through self-assessments rather than relying on a third-party certification program like the Pentagon's.

DHS has spent the past year conducting multiple “pathfinders” to test out a method for ensuring companies are meeting the cyber hygiene clauses in their contracts. DHS issued a self-assessment questionnaire to a subset of its contractors last fall. The questionnaire was geared toward measuring whether the companies were complying with a 2015 Homeland Security Acquisition Regulation for safeguarding sensitive information.

Ken Bible, DHS’ chief information security officer, says the work has convinced DHS it can use the approach more broadly.