
Pentagon releases proposed rule on cybersecurity standards for contractors

At long last, the Department of Defense has released its proposed rule on cybersecurity standards for contractors.

Following several years of development, the DOD in late 2021 shifted gears and unveiled the Cybersecurity Maturity Model Certification 2.0, which includes enhancements to the initial program first developed during the Trump administration. After reforming the program, the Pentagon has been working on a final rule that will mandate that contractors that work with the department’s controlled unclassified information be CMMC certified, or risk losing their business.

The CMMC program is based upon a tiered cybersecurity framework that grades companies on a scale of one to five based on the level of classification and security necessary for their work. It was initially conceived to protect contractor information from being exploited by adversaries. Officials in years past have attributed $600 billion in annual losses to cyber thefts from adversaries.

The proposed rule is slated to be released Dec. 26, but an unpublished version is available on the Federal Register.

The public comment period is 60 days from publication date.

The program is not without controversy, as some contractor advocates in the past have argued the program will be expensive, onerous — particularly for small businesses and non-traditional contractors — and confusing to keep up with.

CMMC 2.0 sought to simplify things with three key features:

  • The first is a tiered model that requires contractors to implement cybersecurity standards on a scale based on the sensitivity of the information.
  • The second is an assessment requirement that allows DOD to verify implementation of the standards.
  • And the third is implementation through contracts. Once CMMC contracts are fully implemented, DOD contractors that handle sensitive information must achieve a particular CMMC level in order to win the prospective contract.

Written by Mark Pomerleau

Mark Pomerleau is a reporter for DefenseScoop, covering information warfare and cyberspace.


Click Here For The Original Source.
