The Contracting Education Academy

Contracting Academy Logo
You are here: Home / Archives for cyber

By

DoD aims to issue proposed rule for certifying contractors’ cybersecurity in the fall

A sweeping plan to conduct independent third-party cybersecurity audits of prospective Defense Department contractors’ management of sensitive information will be subject to a formal rulemaking process, but the department and the nonprofit organization being established to train and approve certifiers are still moving at a quick clip. 

“Because we’re doing rulemaking, this isn’t going to roll out as hard and fast as we thought,” said a government official delivering a briefing on Defense’s Cybersecurity Maturity Model Certification (CMMC) program at a recent meeting of the Software Supply Chain Assurance forum.

Quarterly meetings of the forum — co-led by Defense, the General Services Administration, the National Institute of Standards and Technology, and Homeland Security Department—are attended by public and private sector representatives and conducted under the Chatham House Rule to encourage a free exchange of ideas.

The official said Defense expects the CMMC requirements to be issued as a proposed rule this fall, but regardless of the related public comment process, officials still plan to include the rules in requests for proposals starting in the third quarter.

“In June, we’re going to give you an [request for information] that says these procurements are targeted to have CMMC requirements,” the official also noted.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2020/01/dod-aims-issue-proposed-rule-certifying-contractors-cybersecurity-fall/162463/

By

These IT, cyber provisions in the NDAA may have flown under your radar

The 2020 National Defense Authorization Act always is chalk full of interesting and impactful policy changes or updates. 
The thing with the 1,794-page bill is knowing where to look.

No one person can read through the roughly 8 pounds of paper without missing a few important nuggets. So with some help of some federal experts, I dug into the NDAA and found several provisions that likely flew under your radar:

Marine Corps Maj. Gen. Dennis Crall, the senior military adviser for cyber policy for the Defense Department’s chief information officer, offered simple advice at the recent AFCEA Northern Virginia luncheon: “Read the NDAA.”

Specifically, Crall wanted industry to look at the provision requiring each military service to create a principal cyber adviser — Section 905, if you are keeping score at home.

“Congress gave us very directed tasks and responsibilities for this new billet or this new role. There are also some implied tasks. The services need some time to go through this and decide how they are going to provide a level of sufficient implementation,” Crall said.

Keep reading this article at: https://federalnewsnetwork.com/reporters-notebook-jason-miller/2020/01/these-it-cyber-provisions-in-the-ndaa-may-have-flown-under-you-radar/

By

Pentagon standing up a nonprofit to assess vendor cybersecurity

The organization would be responsible for running the department’s Cybersecurity Maturity Model Certification.

The Defense Department is looking to stand up a nonprofit organization to measure the strength of its contractors’ cybersecurity practices.

The group would be responsible for running the vendor accreditation process under the Pentagon’s new Cybersecurity Maturity Model Certification, or CMMC. The framework, which was released in draft form last month, will serve as a yardstick for determining if contractors are taking sufficient steps to protect the sensitive military data that resides on their networks.

The certification process is intended to push the Pentagon’s extensive network of vendors to strengthen their digital defenses, or at least adopt protections that are appropriate for the sensitivity of their work. The program comes adversaries like China increasingly target defense contractors to steal military secrets.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2019/10/pentagon-standing-nonprofit-assess-vendor-cybersecurity/160425/

By

A new contract offers on-demand support for cyber missions

The government has selected Parsons for a $590 million cyber contract called Combatant Commands Cyber Mission Support (CCMS).

The contract, run out of the General Services Administration (GSA), will support cyber capabilities — both hardware and software requirements — across the government to include geographic and functional combatant commands, the interagency and federal/civilian agencies.

“The contract, the way it was structured was to be able to develop and deliver capability — multi-domain capability — across the services, both defensive, non-defensive capabilities, as well as open-source, intelligence analytics through this contracting mechanism,” Paul Decker, executive vice president and head of cyber and intelligence business for Parsons, told Fifth Domain.

“The intent of this is for it to be a multiuse contract to serve both the DoD, as well as interagencies across the department … A key takeaway is as organizational requirements continue to get fed up through the various different tactical organizations, it is all going to be about having technology that is interoperable, integrateable and that can be used at each echelon at an organization.”

Keep reading this article at: https://www.fifthdomain.com/dod/2019/09/25/a-new-contract-offers-on-demand-support-for-cyber-missions

By

DoD will require vendor cybersecurity certifications by this time next year

The department released a draft maturity model and timeline for new certification requirements for all of the defense industrial base.

The government has stringent processes for verifying the IT products and services it uses comply with relevant cybersecurity standards, such as authorities to operate for cloud services and supply chain regulations for hardware products. But those standards and processes don’t cover the vendors.

For the Defense Department, this is a critical issue, as doing business with industry requires the department to share sensitive information, even at the earliest steps of the process.

The department has been kicking around the idea of creating a certification standard for defense industrial base companies to ensure vendors’ cybersecurity posture was adequate to handle controlled and classified information. That became an official effort in March, and on Sept. 4th the department released the first draft Cybersecurity Maturity Model Certification, or CMMC, outline for public comment.

Keep reading this article at: https://www.nextgov.com/cybersecurity/2019/09/dod-will-require-vendor-cybersecurity-certifications-time-next-year/159702/

 

 

Contracting Academy Logo
75 Fifth Street, NW, Suite 300
Atlanta, GA 30308
info@ContractingAcademy.gatech.edu
Phone: 404-894-6109
Fax: 404-410-6885

RSS Twitter