DOD issues draft of new contractor cyber standards

DOD issues draft of new contractor cyber standards

The Department of Defense has issued long-awaited cybersecurity standards in draft form for contractors who work with the Pentagon’s sensitive data. Version 0.4 of the Cybersecurity Maturity Model Certification (CMMC) is now live, giving contractors a glimpse into the sort of cybersecurity standards they will need to meet if they want to work on contracts that handle controlled but unclassified information. Ultimately, CMMC is an effort to secure DOD ‘s extremely complicated and spiderwebbed IT supply chain from the largest contractors to the smallest. The new standards have a five-level system that combines guidance currently in place from the National Institute of Standards and Technology with new input from the private sector and academia, including Johns Hopkins Applied Physics Lab and Carnegie Mellon Software Engineering Institute. Third-party commercial organizations will conduct certifications for contractors. The draft represents “the midpoint of development and we are requesting feedback,” according to an informational website on the model . DOD’s Office of the Under Secretary of Defense for Acquisition & Sustainment is taking feedback on CMMS through Sept. 25 with the goal of issuing another draft sometime in November. The big milestone, however, is set for January 2020, when DOD plans to issue […]

Click here to view original web page at www.fedscoop.com

Leave a Reply