The accreditation body overseeing the Defense Department’s cybersecurity certification for prospective contractors is also authorized to provide certified companies with cybersecurity services, according to members of the group’s board of directors.
“A continuous monitoring capability could provide benefits to organizations in the defense supply chain by increasing their awareness of changes to their current cybersecurity posture,” Mark Berman, chairman of the board’s communications committee, told Nextgov. “This initiative is a potential avenue where we can provide value add to enhance and maintain the security posture.”
Berman was responding to comments from observers who say an April 22 request for proposal the accreditation board issued for a “continuous monitoring solution” marks a departure from the training and certification functions the group is expected to perform.
The Pentagon’s Cybersecurity Maturity Model Certification program is scheduled to take effect this fall following a change to defense federal acquisition regulations. Companies will have to attain third-party certification of their cybersecurity practices if they want to do business with the department. Defense contractors currently state whether they adhere to standards such as those outlined by the National Institute of Standards and Technology without any outside entity verifying their claims.