The Defense Department’s new high-profile cybersecurity regulations are on schedule for implementation this year despite potential setbacks from the COVID-19 pandemic.
Katie Arrington, chief information security officer at the office of the undersecretary of defense for acquisition and sustainment, said the Pentagon will begin rolling out the Cybersecurity Maturity Model Certification version 1.0 rules this year.
The requirements are part of the Defense Department’s push to protect industrial base networks and controlled unclassified information from cyberattacks. The CMMC rules will require contractors to be certified by third-party auditors, which will ensure that companies are adhering to certain standards. Organizations will be required to meet different levels of security requirements depending on the type of work they are doing, with level 1 being the lightest and level 5 the most stringent.
Acquisition officials unveiled their roadmap for implementation in January, before the COVID-19 pandemic roiled U.S. society and industry. The plans included releasing solicitations with CMMC requirements baked in for pathfinder programs this year.
“We are on track to do that,” Arrington said during a Project Spectrum webinar in May. “We’re still on target to release some initial [requests for information] in June. … Stay tuned, but the work hasn’t stopped and we’re still doing our absolute best to stay on track.” Project Spectrum is intended to help small businesses improve their cybersecurity and is supported by the Defense Department’s Office of Small Business Programs.
Keep reading this article at: https://www.nationaldefensemagazine.org/articles/2020/6/22/cmmc-regulations-on-the-way-despite-pandemic