Sunday, September 24, 2023
The Defense Department is in the process of determining which contracts will be featured in the first-year rollout of its Cybersecurity Maturity Model Certification program, according to leading Pentagon acquisition officials.
The National Defense Industrial Association is asking the Defense Department and the accreditation body behind its Cybersecurity Maturity Model Certification program for additional guidance on issues ranging from the assessment process to costs for certification.
The Information Technology Industry Council is looking for details from the Defense Department on how the Pentagon will handle the implementation of DOD's Cybersecurity Maturity Model Certification based on an interim rule currently out for public comment.
The Defense Department will issue a new policy as part of its Adaptive Acquisition Framework focused on cybersecurity to help program managers understand the processes and practices needed throughout the acquisition process, according to senior DOD officials.
Defense Department acquisition Chief Information Security Officer Katie Arrington says the defense industrial base should come together to create a model for the Pentagon's cyber certification program that buys down risk, instead of creating division and "unnecessary angst" on social media.
The Defense Department released an interim rule this week to implement its Cybersecurity Maturity Model Certification program with a section on estimated costs for each maturity level, but experts say the actual costs will depend on many factors yet to be determined.
An interim rule released this week by the Pentagon raises issues about the transparency around audit results from assessors and who will have access to the information under the Defense Department's landmark cyber certification program, according to supply chain attorneys.
The Defense Department has released the interim final rule for its Cybersecurity Maturity Model Certification program, marking a major shift in how the Pentagon will evaluate cybersecurity for contractors who make up the defense industrial base.
Rep. Jim Langevin (D-RI), a cybersecurity leader in Congress, says he is monitoring the Defense Department's work to "operationalize" the Cybersecurity Maturity Model Certification program, which is facing criticism over the rollout of the accreditation process for assessors.
The Defense Department is working on a guide to help industry and the acquisition community understand how to handle controlled unclassified information, addressing a foundational component of the Pentagon's Cybersecurity Maturity Model Certification program.
Recent developments at the independent authority overseeing accreditation of assessors for the Pentagon's cyber certification program are raising concerns at one of the nation's largest defense associations, which represents a wide variety of contractors who make up the defense industrial base.
The Defense Department expects to have a proposed acquisition rule needed to implement its cyber certification program out for public comment by November, according to Pentagon acquisition Chief Information Security Officer Katie Arrington, with the final regulation probably pushed into 2021.
The Pentagon has issued a second interim rule on how contractors who want to do business with the federal government need to provide details on Huawei and ZTE equipment and services in their systems.
The Defense Department is working on a no-cost contract with the independent authority that oversees the accreditation process for its Cybersecurity Maturity Model Certification program.
A leading professor at the Defense Acquisition University is urging Defense Department commands and acquisition offices to hold off on adding requirements related to the Pentagon's cyber certification program into their contract opportunities.
Members of the Cyberspace Solarium Commission are urging Congress to consider expanding the Pentagon's Defend Forward strategy to review the current state of military cyber capabilities and incorporate new ways to engage with the defense industrial base.
The Defense Department has issued guidance for its procurement units on how to process and review waiver requests for contractors who wish to continue using banned equipment and services from Chinese companies Huawei and ZTE.
Booz Allen Hamilton is working with clients and its own subcontractors to help prepare for the Pentagon's Cybersecurity Maturity Model Certification program through identifying gaps and assisting with remediation.
The independent accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program has formally opened up applications for a range of certifications, after a month-long soft launch which generated approximately 300 organization and 775 individual registrations.
The Defense Department is expected to publish a proposed acquisition rule in July that is needed to implement the Cybersecurity Maturity Model Certification program, according to a DOD official, although it's unclear whether a planned public hearing will be held on the proposal.