Information Security News mailing list archives
Pentagon Seeks Continuous Monitoring of Defense Contractors' Cybersecurity
From: InfoSec News <alerts () infosecnews org>
Date: Mon, 27 Apr 2020 07:05:02 +0000 (UTC)
https://www.defenseone.com/technology/2020/04/pentagon-seeks-continuous-monitoring-defense-contractors-cybersecurity/164834/ By Mariam Baksh Nextgov April 23, 2020 A new monitoring system is just part of a larger plan that will end defense contractors' ability to "self-certify" their compliance with DoD cyber standards. The accreditation body overseeing the Defense Department’s Cybersecurity Maturity Model Certification program—the CMMC-AB—issued a request for proposal that provides insight into how the group plans to keep track of contractors outside of conducting physical audits. The CMMC will end the DOD’s practice of allowing contractors to “self-certify” their cybersecurity practices. Before the end of the year, the department intends to require companies doing business with the DOD to gain a certificate from third-party auditors that will be valid for up to three years. “As part of the CMMC-AB’s efforts to mitigate risks posed to the country through sharing of sensitive information with DOD supply chain partners, a continuous monitoring solution will help fill in the gaps between assessments scheduled for once every three years,” the RFP reads. “The CMMC-AB is issuing this request for proposal to help us identify appropriate partners in our continuous monitoring solution.” The CMMC-AB posted the RFP to its LinkedIn page earlier today with a May 1 deadline for responses. [...]
-- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- Pentagon Seeks Continuous Monitoring of Defense Contractors' Cybersecurity InfoSec News (Apr 27)