Wednesday, May 8, 2024
The Energy Department has published a guide comparing its voluntary maturity model for developing cybersecurity plans to the Pentagon's upcoming program for defense contractors who are handling sensitive government data on nonfederal systems.
The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program plans to release a new draft of its assessment process guide, known as "the CAP," for public comment before the Defense Department completes its rulemaking efforts to finalize the program, according to CEO Matthew Travis.
The Aerospace Industries Association is advocating for the Defense Department's Cybersecurity Maturity Model Certification program to be used by civilian agencies, as part of an effort to address "ambiguity" over sensitive information held by contractors and create synergies.
The Information Technology Industry Council anticipates details on incorporating acquisition requirements for contractors under the Pentagon's Cybersecurity Maturity Model Certification program will come in the next rulemaking for the initiative, which will focus on making changes to the Defense Department's acquisition regulations.
The Professional Services Council is supportive of the Pentagon's plans to allow self assessment for less sensitive information held by defense contractors under the Cybersecurity Maturity Model Certification program, while recognizing that contracting officers could still decide to choose a higher level of security than needed to ensure adequate protection of the information on nonfederal systems.
The Defense Department is asking for input on the process to report assessment results under its Cybersecurity Maturity Model Certification program and proposed parameters to address potential gaps.
The Defense Department has issued a memorandum on equivalency for cloud service offerings between the General Services Administration’s Federal Risk and Authorization Management Program and the Pentagon's cyber certification program.
The Pentagon’s proposed rule to implement the Cybersecurity Maturity Model Certification program details the role, expectations and tasks for the accreditation body responsible for building out on the major Defense Department initiative's assessment ecosystem.
The Defense Department provides a rundown of how its proposed rule addresses small business concerns over the Cybersecurity Maturity Model Certification program, as part of a detailed breakdown of comments received on the 2020 interim final rule.
The Defense Department has revealed its plans to revamp the Cybersecurity Maturity Model Certification program in guidance documents offering an official preview on changes to the model, assessment and scoping requirements as well as the process for submitting results to the Pentagon.
A recent report commissioned by the Air Force Research Laboratory dives into how addressing cyber risks differs from other supply chain risk management issues and provides recommendations on how to take a "comprehensive approach" in addressing their needs together.
Details on the assessment process, ecosystem roles, scoping requirements and more can be found in the Defense Department proposed rule published this week for the Cybersecurity Maturity Model Certification program.
Two trade associations representing companies in the defense industrial base are raising concerns over the potential for burdensome regulation following the introduction of a massive Defense Department proposed rule to implement the major revamp of the Cybersecurity Maturity Model Certification program.
The Defense Department has released a highly anticipated proposed rule to implement its Cybersecurity Maturity Model Certification program with details on the assessment ecosystem, key elements and the use of a plan of action and milestones.
The National Security Agency has released its 2023 year-in-review report for cybersecurity, providing a rundown of efforts at NSA's Cybersecurity Collaboration Center and work with partners to address threat actors from the People's Republic of China and other nations.
Mark Montgomery of the Foundation for Defense of Democracies struck a positive tone on the House-Senate compromise version of the fiscal year 2024 defense authorization bill, while noting that some cyber provisions didn’t make the final cut.
The Defense Department will hold a public meeting on its Cybersecurity Maturity Model Certification program after the proposed rule implementing the initiative is published in the Federal Register, according to the latest unified agenda and regulatory plan.
Lawmakers have reached an agreement on the fiscal year 2024 defense authorization bill that includes provisions on modernizing cyber red teams, evaluating the creation of a U.S. Cyber Force and creating a fund at the State Department for capacity building.
A new report from the Defense Department inspector general details common cybersecurity "weaknesses" on federal contractor networks that are handling controlled unclassified information for military services and agencies.
The Defense Department's work to prepare the proposed rule for its Cybersecurity Maturity Model Certification program is nearing completion, according to a Pentagon spokesperson, with publication in the Federal Register expected as soon as next week.