The Department of Defense’s push to secure its leaky supply chain from cyberattacks might “rapidly” become a standard for civilian agencies too.
Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, said Thursday that she has met with Chris Krebs — the head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) — to discuss the DoD’s new Cybersecurity Maturity Model Certification (CMMC) and how it could translate eventually to civilian, non-defense federal contractors.
Arrington said she believes CMMC “will become a federal standard for the whole of government rapidly.” But a CISA official was more cautious about amplifying CMMC beyond its defense acquisition purposes, saying “civilian agencies operate under separate acquisition authorities and CMMC is a DoD-specific program.”
“CISA is certainly following the development of CMMC with great interest and it’s likely that civilian agencies will naturally benefit from CMMC implementation,” the official told FedScoop. “Due to that overlap, we aim to harmonize our cybersecurity approaches as much as possible, including on directives.”
Keep reading this article at: https://www.fedscoop.com/cmmc-federal-standards-for-acqusition/