Saturday, June 10, 2023
Key Issues GAO on MDA Hypersonic targets DBB on space acquisition
The Aerospace Industries Association raised concerns with the House Armed Services Committee over the cost of compliance with the Pentagon's Cybersecurity Maturity Model Certification program at a Wednesday hearing focused on strengthening the defense industrial base.
Matthew Travis, CEO of the accreditation body behind the CMMC program, says he is encouraged by the Pentagon's "commitment" to move forward with establishing a cyber certification initiative for defense contractors, despite a potential shift in the rulemaking timeline.
The accreditation body behind the Pentagon's cyber certification program has published a detailed spreadsheet outlining comments from stakeholders on the group's first assessment process guide.
Companies should continue preparing for the launch of the Pentagon's Cybersecurity Maturity Model Certification program as the process to finalize rulemaking continues, according to program director Stacy Bostjanick, who spoke with Inside Cybersecurity in a wide-ranging interview.
Leaders from the defense industrial base are urging the Cybersecurity and Infrastructure Security Agency to consolidate how it will collect mandatory incident reports from the sector into a single "channel" where information is shared between the Defense Department and CISA.
Full implementation of the Pentagon's Cybersecurity Maturity Model Certification program for defense contractors will likely shift to 2024 based on revised estimates from the Defense Department in the fall 2022 unified agenda, which indicates two proposed rules are expected for release in the coming months.
Multiple agencies are expected to act on incident reporting requirements in the new year as work to digest industry feedback continues at the Securities and Exchange Commission and Cybersecurity and Infrastructure Security Agency, while changes to federal acquisition regulations from the 2021 cyber executive order are coming along with the release of the long-awaited national cyber strategy.
The Pentagon is planning to submit the first rulemaking under its cyber certification program in January for review by the White House Office of Management and Budget, according to a Defense Department spokeswoman, shifting the official launch timeframe farther down the road than previously expected.
A recent guide from the National Defense Information Sharing and Analysis Center is designed to assist small and medium-size businesses with choosing a managed service provider to help reach compliance with the Pentagon's Cybersecurity Maturity Model Certification program.
Defense contractors are having trouble complying with current cyber standards put in place in 2017, according to a recent industry survey, which puts a spotlight on the defense industrial base preparedness for the Cybersecurity Maturity Model Certification program.
The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program is touting its progress over the past year in growing the CMMC ecosystem, while noting the number of consultants registered with the non-profit has declined due to ongoing work at the Defense Department to finalize regulations and kick off the formal program.
A coalition of industry groups is pushing for Senate Armed Services Committee leadership to drop an amendment from the fiscal year 2023 defense authorization bill that would extend the current ban on federal contractors using equipment and services from Huawei and ZTE to include three Chinese semiconductor companies.
A coalition of industry groups is urging congressional leaders to remove a provision in the Senate version of the fiscal year 2023 defense authorization bill that would direct the Defense Department to require a Software Bill of Materials from defense contractors.
A new report from the Government Accountability Office finds significant deficiencies in how the Pentagon collects and uses cyber incident reporting data from the defense industrial base required under Defense Department policy.
The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence is revealing details for an upcoming project on securing the software supply chain using a DevSecOps implementation approach.
Cybersecurity Maturity Model Certification program Director Stacy Bostjanick urged defense companies to get prepared for assessment under the CMMC effort, as the process to finalize version 2.0 changes gets closer to fruition.
Defense contractors should not wait until the launch of the Cybersecurity Maturity Model Certification program to reach compliance with the Pentagon's cyber standard for handling of controlled unclassified information, according to Defense Department officials.
The Pentagon's upcoming zero-trust strategy will look at implementation across the Defense Department's "enterprise," according to Microsoft Federal Security Chief Technology Officer Steve Faehl, which he says differs from the approach on the civilian side of government and allows for increased coordination among the military services.
BSA-The Software Alliance wants the House and Senate to sort out diverging proposals on Software Bill of Materials contained each in chamber's version of this year's annual defense policy bill, and calls for an approach that goes across government rather than focusing just on the Homeland Security or Defense departments.
The National Institute of Standards and Technology's update to the Special Publication 800-171 series should include guidance on Software Bill of Materials in regards to how contractors are handling the use of controlled unclassified information held on nonfederal systems, according to recent feedback from the Defense Department and the National Security Agency.