Information Security News mailing list archives

Pentagon Seeks Continuous Monitoring of Defense Contractors' Cybersecurity


From: InfoSec News <alerts () infosecnews org>
Date: Mon, 27 Apr 2020 07:05:02 +0000 (UTC)

https://www.defenseone.com/technology/2020/04/pentagon-seeks-continuous-monitoring-defense-contractors-cybersecurity/164834/

By Mariam Baksh
Nextgov
April 23, 2020

A new monitoring system is just part of a larger plan that will end defense
contractors' ability to "self-certify" their compliance with DoD cyber
standards.

The accreditation body overseeing the Defense Department’s Cybersecurity
Maturity Model Certification program—the CMMC-AB—issued a request for proposal
that provides insight into how the group plans to keep track of contractors
outside of conducting physical audits.

The CMMC will end the DOD’s practice of allowing contractors to “self-certify”
their cybersecurity practices. Before the end of the year, the department
intends to require companies doing business with the DOD to gain a certificate
from third-party auditors that will be valid for up to three years.

“As part of the CMMC-AB’s efforts to mitigate risks posed to the country through
sharing of sensitive information with DOD supply chain partners, a continuous
monitoring solution will help fill in the gaps between assessments scheduled for
once every three years,” the RFP reads. “The CMMC-AB is issuing this request for
proposal to help us identify appropriate partners in our continuous monitoring
solution.”

The CMMC-AB posted the RFP to its LinkedIn page earlier today with a May 1
deadline for responses.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
