Saturday, April 20, 2024
Creating resilient supply chains in the United States will depend on investments in manufacturing like those in the CHIPS and Science Act, which provides $52 billion to bolster semiconductor production, according to National Cyber Director Chris Inglis, who argued the traditional rip-and-replace approach won't work in the long term.
Using managed service providers to help companies reach Cybersecurity Maturity Model Certification compliance should extend beyond the Defense Department by incorporating civilian agencies that also handle controlled unclassified information, according to a former General Services Administration senior official.
The first official Cybersecurity Maturity Model Certification assessment starts Aug. 22 under the Pentagon's "joint surveillance voluntary program," where a certified third-party assessment organization will conduct the examination and report results to the Defense Contract Management Agency for final approval.
Plans to update the National Institute of Standards and Technology's controlled unclassified information publications will depend on input gathered in a current pre-call for comments due in September, according to 800-171 series leader Victoria Pillitteri, who spoke at a July 27 summit focused on the Pentagon's Cybersecurity Maturity Model certification program.
The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program has released the first "pre-decisional draft" of its CMMC assessment process guide, known as "the CAP," for public review and comment, going into detail on how organizations can obtain a certification from the planning phase to reporting results and addressing gaps.
Senate Armed Services Committee leadership is asking the Government Accountability Office to "conduct an assessment on the incorporation of reciprocity" into the Pentagon's Cybersecurity Maturity Model Certification program, in the chamber's latest version of the fiscal year 2023 defense authorization bill.
Cyber elements in the Senate version of the fiscal year 2023 defense authorization bill are mostly Defense Department-focused, including a provision to require contractors to submit a Software Bill of Materials, and new authorities for U.S. Cyber Command to play an active role in addressing critical infrastructure attacks by "foreign powers."
The National Institute of Standards and Technology has issued a pre-draft call for comments on four publications that explain how to protect the confidentiality of sensitive government data held on nonfederal systems, which are critical to the Pentagon's Cybersecurity Maturity Model Certification program.
The Defense Department is getting closer to finalizing details on the process for contractors to obtain a cyber certification ahead of the effort's formal launch in May 2023, which will include a memo from Pentagon officials to establish a "joint surveillance program" where assessment organizations and DOD officials work together to complete voluntary examinations.
MxD, a public-private partnership funded by the Defense Department, has published a CMMC playbook to help manufacturing companies meet level one requirements in the Pentagon’s cyber certification program.
The Pentagon is planning to issue a final rule in December establishing a regime for Defense Department acquisition officials to conduct assessments of a contractor's compliance with NIST Special Publication 800-171.
Pentagon cyber chief David McKeown says there are ongoing discussions to create a "cyber secure framework" for the defense industrial base that will go beyond the CMMC program and be based on the NIST cybersecurity framework.
The Pentagon's acquisition office has issued a memorandum reminding acquisition officials of the Defense Department's current standard for the handling of controlled unclassified information and potential remedies for non-compliance.
The House Armed Services Committee has approved its version of the fiscal 2023 defense authorization bill, including provisions to create an “information collaboration environment” at CISA and directing DHS and CISA to provide details to Congress on cyber incident response responsibilities.
The House Armed Services Committee is set to mark up an annual defense policy bill that includes creation of the "Cyber Threat Information Collaboration Environment Program," a reworked version of a Cyberspace Solarium Commission proposal viewed as an important component for government-industry interaction.
The House Armed Services Committee will take the first steps today in considering cyber proposals for the fiscal year 2023 defense authorization bill, including requiring a congressional briefing from Pentagon officials on their cyber certification program and Software Bill of Materials efforts.
The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program announced a rebrand and new website today, aiming to align with the organization's future and offering new opportunities to bring CMMC to civilian agencies and international entities.
The Defense Department and the Cybersecurity and Infrastructure Security Agency have published a process guide to help agencies evaluate security when it comes to acquiring fifth-generation telecom technology, using the NIST risk management framework.
The Defense Department faces a calculated risk in terms of starting up third-party assessments under the Cybersecurity Maturity Model Certification program for early adopters, according to contracting attorney Robert Metzger, who sees ongoing work to finalize changes to the Pentagon's acquisition rules as one barrier for the delayed interim launch.
The Defense Department is accelerating by two months its plans to implement changes to the Cybersecurity Maturity Model Certification program, with the release of two interim final rules now expected in March 2023 and requirements to start showing up in contracts 60 days after the rules are published under a three-year rollout plan.