In what was lightning speed in Pentagon terms, the new Cybersecurity Maturity Model Certification is out. For an update, we spoke with law firm RJO partner Bob Metzger.
An inaugural NDIA report says defense industry is financially strong and generally competitive, but points to workforce, cybersecurity challenges.
The Pentagon published the 1.0 version of its Cybersecurity Maturity Model Certification program on Friday after several months of listening sessions on draft editions. CMMC will make its way into Defense contracts later this year.
The Pentagon hopes to pick a nonprofit organization to oversee its new Cybersecurity Maturity Model Certification program by January, with CMMC being applied to at least some new contracts by next summer.
As part of DoD’s move to shore up its supply chain, the Pentagon is developing with industry and other experts a new cybersecurity maturity model that borrows from standards like ISO 9000.
Leslie Weinstein, an Army Reserve officer and consultant for DoD, explains why the Pentagon should follow other sectors and use experts to ensure vendors are meeting cyber requirements.
In a recognition that smaller firms don’t have the infrastructure to defend themselves against sophisticated attacks, DoD will experiment with a secure cloud approach to defending sensitive information.
Starting this week, the Air Force says it wants to introduce new participants into its supplier base where it will sign one-page contracts with small businesses.
Among the options the Pentagon is considering: Conducting its own assessments of whether subcontractors are meeting new requirements to comply with NIST.
A deep-dive study from October on the defense industrial base didn’t get a lot of attention, but Wisconsin Republican Mike Gallagher was among the members of Congress who noticed.