Back to news

January 29, 2020 | International, C4ISR, Security

New cybersecurity standards for contractors could be finalized this week

The first version of the new cybersecurity requirements the Pentagon wants military contractors to follow could be finalized as soon as Jan. 31.

Katie Arrington, chief information security officer for the Office of the Under Secretary of Defense for Acquisition and the point person for the Cybersecurity Maturity Model Certification (CMMC), told an audience Jan. 28 that she will have the requirements by the end of the month.

The CMMC is a tiered cybersecurity framework that grades companies on a scale of one to five. A score of one designates basic hygiene and a five represents advanced hygiene. Arrington said Jan. 28 that the lowest level will become the default for Department of Defense contracts and will include basic tasks such as changing passwords.

Speaking at an event hosted by the law firm Holland and Knight, Arrington said the new standards won't be in effect overnight. The auditors and assessors who will grade companies need training and new contracts will be slowly phased in.

“The likelihood that any awards will be made until 2021 [of the certification] is, I would say, highly unlikely,” she said. She noted that companies are not required to have CMMC certification until the time of award. “You have a full year to get yourselves set, to get yourself in position.”

According to one slide in her presentation, all new contracts will have the requirements in fiscal year 2026. Arrington expects 1,500 companies to be certified by the end of 2021.

The requirements are expected to be free of jargon and overly technical language that can often make military documents befuddling.

“I asked if it could be created on an eighth grade reading level. Why? Because I'm not smart and I owned a small business and I fell prey to this,” she said. “I needed it to be in something that anybody could adapt to. We hear companies all the time say my nephew is doing my cybersecurity. I need your nephew to read what I need him to do.”

Arrington promised that the requirement would not become a simple checklist, because if it does “I've failed. We failed.”

Moreover, she suggested the framework be reevaluated at least once each year because cyber threats will continue to evolve.

https://www.fifthdomain.com/dod/2020/01/28/new-cybersecurity-standards-for-contractors-could-be-finalized-this-week/

On the same subject

  • Germany cautious as France leads European defense initiative

    November 12, 2018 | International, Aerospace, Naval, Land

    Germany cautious as France leads European defense initiative

    France is leading a 10-country defense initiative in a bid to "face new threats" outside existing structures. Germany is wary that the project could entangle its military in foreign interventions and undermine the EU. Defense ministers from 10 European countries gathered in Paris on Wednesday to set the agenda for the European Intervention Initiative (EI2), a defense coalition spearheaded by French President Emmanuel Macron. "To face new threats, Europe needs a strong defense," the French Defense Ministry said in a tweet after the meeting. "With the European Intervention Initiative, 10 European countries are committed to its protection." EI2's goal is to create a results-based common strategic culture that allows for rapid response joint military operations, including in humanitarian efforts. As such, it is not aimed at establishing a supranational European army. However, as an initiative outside EU and NATO frameworks, the French Defense Ministry has tried to alleviate concerns that it would undermine defense structures in the bloc and alliance. "With the European Intervention Initiative, the whole European Union and the European pillar in NATO will also be strengthened," it added. 'Germany felt pressured' But France's efforts have done little to placate concerns in Berlin, which Paris sees as a pivotal actor in the initiative. Claudia Major, senior international security associate at the Berlin-based German Institute for International and Security Affairs (SWP), told DW that German officials are wary because "it's explicitly and deliberately organized and set up outside the European Union's structures." "For the Germans, making a deliberate attempt to setting up something meaningful outside the EU's structures — and outside NATO — is not seen as a positive move but rather as undermining the EU," Major said. "In the end, Germany felt pressured to agree and engage in the initiative, because otherwise all the talk about France and Germany being the engine of Europe and the heart of Europe, and driving European integration and cooperation forward, would look cheap, wouldn't it?" Full article: https://amp.dw.com/en/germany-cautious-as-france-leads-european-defense-initiative/a-46201409

  • Drone networks can cut cost of Middle East security, AF general says

    August 30, 2022 | International, Aerospace, C4ISR

    Drone networks can cut cost of Middle East security, AF general says

    The Navy's effort to adopt small drones as its main source of situational awareness at sea is going well enough that the Air Force wants to copy it.

  • No title found

    April 13, 2021 | International, Aerospace

    No title found

    U.S. Air Force Publishes Concept Art of Secretive Next Generation Air Dominance Jet

All news