Back to news

February 3, 2020 | International, Aerospace, Naval, Land, C4ISR, Security

Pentagon finalizes first set of cyber standards for contractors

Mark Pomerleau

The Pentagon has finalized the long anticipated cybersecurity standards contractors will have to follow before winning contracts from the Department of Defense, a new process called the Cybersecurity Maturity Model Certification (CMMC) 1.0.

The model is a tiered cybersecurity framework that grades companies on a scale of one to five based on the level of classification and security that necessary for the work they are performing.

“The government and the contractor community must keep working together to address real and growing cybersecurity threats, and we need a robust response to protect our infrastructure, information, and supply chains,” said David Berteau, president and chief executive of the Professional Services Council, a trade association for federal contractors. “With today's announcement, DoD has achieved a significant milestone.

Here's what industry officials need to know about the version finalized Jan. 31.

Why it was needed

Previously, the Pentagon did not have unified standard for cybersecurity that businesses needed to follow when bidding for contracts. Companies could claim to meet certain industry standards for cybersecurity, but those assertions were not tested by auditors, nor did the standards take into account the type of work a company was bidding to complete. Since then, defense officials have said that cybersecurity is not a one size fits all approach.

In the meantime, adversaries have discovered it is easier to target unsuspecting down tier suppliers, rather than prime contractors.

“Adversaries know that in today's great power competition environment, information and technology are both key cornerstones and attacking a sub-tier supplier is far more appealing than a prime,” Ellen Lord, the under secretary of defense for acquisition and sustainment, told reporters in a briefing at the Pentagon Jan. 31.

Officials have said cyber theft by adversaries costs the United States about $600 billion a year.

What will change?

Contracts will mandate bidders reach a certain level of certification to win specific jobs. For example, if businesses aren't bidding on a contract that has extremely sensitive information, they must only achieve the first level of certification, which involves basic cybersecurity such as changing passwords and running antivirus software. More sensitive programs will require more stringent controls.

Smaller companies down the supply chain will not, however, have to have the same level of certification as primes, said Katie Arrington, chief information security officer for the Office of the Under Secretary of Defense for Acquisition and the point person for the certification.

Another significant change with the new process is the creation of an accreditation board and assessors. The board is an outside entity, separate from DoD, that will be charged with approving assessors to certify companies in the process.

The accreditation body was formed earlier this month and officials are working on identifying and training the assessors, which will be called Certified Third-Party Assessment Organizations (C3PAO).

What's next?

Officials explained Jan. 31 that CMMC will follow a crawl, walk, run approach to ensure companies aren't unprepared for the change. The accreditation board is in the process of training the auditors that will oversee the certificaion. Once the requirements are met, a company's certification is good for 3 years.

In the meantime, DoD plans to release 10 requests for information and 10 requests for proposals that will include the new cyber standards this year. The first solicitation could come as early as June.

Arrington said earlier this week that she expects 1,500 companies to be certified by the end of 2021.

She added that all new contracts starting in fiscal year 2026 will contain the cybersecurity requirements, however, Lord noted that they will not be not retroactive to previous contracts.

https://www.fifthdomain.com/dod/2020/01/31/pentagon-finalizes-first-set-of-cyber-standards-for-contractors/

On the same subject

  • Contract Awards by US Department of Defense - December 09, 2020

    December 10, 2020 | International, Aerospace, Naval, Land, C4ISR, Security

    Contract Awards by US Department of Defense - December 09, 2020

    ARMY Sikorksy Aircraft Corp., Stratford, Connecticut, was awarded a $507,036,949 modification (P00163) to contract W58RGZ-17-C-0009 for UH-60M HH-60M aircraft. Work will be performed in Stratford, Connecticut, with an estimated completion date of June 30, 2022. Fiscal 2021 aircraft procurement (Army) funds in the amount of $507,036,949 were obligated at the time of the award. The U.S. Army Contracting Command, Redstone Arsenal, Alabama, is the contracting activity. Lockheed Martin Corp., Orlando, Florida, was awarded a $31,123,618 modification (P00036) to contract W58RGZ-16-C-0008 for sustainment of the Modernized Target Acquisition Designation Sight/Pilot Night Vision Sensor Performance Based Logistics program. Work will be performed in Orlando, Florida, with an estimated completion date of June 30, 2021. Fiscal 2021 Army working capital funds in the amount of $31,123,618 were obligated at the time of the award. The U.S. Army Contracting Command, Redstone Arsenal, Alabama, is the contracting activity. Alliant Techsystems Operations LLC, Plymouth, Minnesota, was awarded a $12,045,421 modification (P00029) to contract W15QKN-15-C-0066 for 120mm Advanced Multipurpose XM1147 high explosive multi-purpose with tracer cartridges. Work will be performed in Plymouth, Minnesota; Rocket Center, West Virginia; Middletown, Iowa; Kingsport, Tennessee; Faribault, Minnesota; Forest Lake, Minnesota; Towanda, Pennsylvania; Cary, Illinois; Louisville, Kentucky; Falconer, New York; Clear Lake, South Dakota; Shafer, Minnesota; Green Bay, Wisconsin; Waunakee, Wisconsin; and Coachella, California, with an estimated completion date of Dec. 3, 2020. Fiscal 2020 other procurement (Army) funds; and 2019 and 2020 procurement of ammunition (Army) funds in the amount of $12,045,421 were obligated at the time of the award. The U.S. Army Contracting Command, Newark, New Jersey, is the contracting activity. NAVY Bell Boeing Joint Project Office, Amarillo, Texas, is awarded a $170,438,450 modification (P00035) against previously awarded, fixed-price-incentive-firm-target, cost-plus-fixed-fee contract N00019-17-C-0015. This modification adds scope for the production and delivery of one CMV-22B variation in quantity aircraft for the Navy and exercises options for V-22 Common Configuration Readiness and Modernization (CC-RAM) Lot 4 requirements. Additionally, this modification provides for planned maintenance interval inspections, repairs, shipping and storage containers and tooling in support of the V-22 CC-RAM program. Work will be performed in Ridley Park, Pennsylvania (91%); and Fort Worth, Texas (9%), and is expected to be completed in September 2024. Fiscal 2021 aircraft procurement (Navy) funds in the amount of $93,510,201; and fiscal 2021 operation and maintenance (Navy) funds in the amount of $766,800 will be obligated at the time of award, of which $766,800 will expire at the end of the current fiscal year. The Naval Air Systems Command, Patuxent River, Maryland, is the contracting activity. General Dynamic Electric Boat, Groton, Connecticut, is awarded a $49,808,303 cost-plus-fixed-fee modification to previously awarded contract N00024-18-C-4321 to exercise options for the New England Maintenance Manpower Initiative for non-nuclear maintenance on submarines based at Naval Submarine Support Facility, New London. Work will be performed in Groton, Connecticut, and is expected to be completed by December 2022. Fiscal 2021 operation and maintenance (Navy) funds in the amount of $10,050,000 will be obligated at time of award and will expire at the end of the current fiscal year. The Naval Sea Systems Command, Washington, D.C., is the contracting activity. General Dynamics Mission Systems, Pittsfield, Massachusetts, is being awarded a $43,212,827 cost-plus-incentive-fee modification (P00001) for the fiscal 2020-2023 Columbia (US01) and Dreadnought Class development, production and installation requirement. Work will be performed in Pittsfield, Massachusetts (90%); United Kingdom (6%); Quonset Point, Rhode Island (3%); and Groton, Connecticut (1%). Work is expected to be completed Nov. 29, 2024. Fiscal 2021 shipbuilding and conversion (Navy) funds in the amount of $28,099,033; United Kingdom funds in the amount of $1,784,240; and fiscal 2021 research, development, test and evaluation (Navy) funds in the amount of $572,760 are being obligated on this award. Of this amount, no funds will expire at the end of the current fiscal year. This contract is being awarded to the contractor on a sole-source basis under 10 U.S. Code 2304(c)(1) and (4) and was previously synopsized on the beta.sam.gov website. Strategic Systems Programs, Washington, D.C., is the contracting activity. Kratos Unmanned Aerial Systems Inc., Sacramento, California, is awarded a $38,691,360 contract modification (P00002) to previously awarded firm-fixed-price contract N00019-20-C-0075. This modification exercises an option to procure 48 BQM-177A subsonic aerial targets for the Navy as well as associated technical and administrative data in support of full rate production lot two deliveries. Work will be performed in Sacramento, California (55.8%); Dallas, Texas (17.6%); Fort Walton Beach, Florida (4.6%); Springfield, Pennsylvania (2.6%); Newton, Kansas (2.1%); Concord, California (1.9%); Milwaukie, Oregon (1.8%); Santa Ana, California (1.8%); Chatsworth, California (1.5%); Greybull, Wyoming (1.3%); and various locations within the continental U.S. (9%), and is expected to be completed in February 2023. Fiscal 2021 weapons procurement (Navy) funds in the amount of $38,691,360 will be obligated at time of award, none of which will expire at the end of the current fiscal year. $806,070 of the funds obligated for this effort were Foreign Military Sales funds converted to weapons procurement (Navy) funds for the replacement of one target expended by the government of Australia. The Naval Air Systems Command, Patuxent River, Maryland, is the contracting activity. DEFENSE LOGISTICS AGENCY LC Industries Inc., Durham, North Carolina, has been awarded a maximum $98,775,719 firm-fixed-price, indefinite-quantity contract for light chemiluminescent and shield light chemiluminescent. This was a sole-source acquisition using justification 10 U.S. Code 2304 (c)(1), as stated in Federal Acquisition Regulation 6.302-1. This is a five-year contract with no option periods. Location of performance is North Carolina, with a Dec. 9, 2025, performance completion date. Using military services are Army, Navy, Air Force and Marine Corps. Type of appropriation is fiscal 2021 through 2026 defense working capital funds. The contracting activity is the Defense Logistics Agency Aviation, Richmond, Virginia (SPE4A6-21-D-0030). AIR FORCE McCallie Associates, Bellevue, Nebraska, has been awarded a $27,635,192 firm-fixed-price, indefinite-delivery/indefinite-quantity contract for C-5M sustainment. This contract is for the delivery of technical data for organizational maintenance of the C-5M using a common source database. Work will be performed in Bellevue, Nebraska, and is expected to be completed June 9, 2025. This award is the result of a sole-source acquisition. Fiscal 2021 operation and maintenance funds in the amount of $7,613,295 are being obligated at the time of award. The Air Force Life Cycle Management Center, Robins Air Force Base, Georgia, is the contracting activity (FA8525-21-C-00001). *Small business https://www.defense.gov/Newsroom/Contracts/Contract/Article/2441580/source/GovDelivery/

  • Advanced Avionics Computer Introduced for Unmanned Vehicles

    May 2, 2019 | International, Aerospace

    Advanced Avionics Computer Introduced for Unmanned Vehicles

    Mike Rees GE Aviation has announced the introduction of a new advanced avionics computer specifically built for military and commercial unmanned aerial vehicles (UAVs). This new computer provides an open architecture design that integrates vehicle management and advanced mission processing into a compact, lightweight design. “Our customers have told us that they require an integrated vehicle and mission processing solution that is secure, rugged, low size, weight and power and capable of meeting the needs of demanding autonomous platforms,” said Alan Caslavka, president of Avionics for GE Aviation. “This new system hits it out of the park in this regard and then builds from there in terms of bringing new capabilities to the next generation of unmanned systems.” This new system incorporates the processing power required for mission functions such as sensor processing at the edge and hosting autonomy enabling algorithms and then also embeds an inertial/GPS package, software defined radio, datalink and an optional solid-state storage device. Caslavka added, “The new system incorporates diverse processing that's capable of performing safety critical and non-critical functions while bringing a new level of security to legacy and future platforms.” The system integrates the functionality traditionally provided by up to six separate electronic units into a single package which drives out weight, power, and cost while meeting the security, exportability, ruggedness and processing needs of customers. GE's advanced avionics computer has undergone flight testing and is in use by a number of military and civil customers. The computer incorporates a hardware and software open architecture approach that offers flexibility and scalability. This design also provides the capability to host GE, customer and third-party software applications to maximize its versatility. https://www.unmannedsystemstechnology.com/2019/05/advanced-avionics-computer-introduced-for-unmanned-vehicles/

  • UK to double F-35 fleet with 17-jet order, Defence Secretary announces

    November 16, 2018 | International, Aerospace

    UK to double F-35 fleet with 17-jet order, Defence Secretary announces

    Ministry of Defence, Defence Equipment and Support, and The Rt Hon Gavin Williamson CBE MP The multi-million-pound contract signed will see the UK own 35 stealth jets by end of 2022 with Britain manufacturing 15% of the overall global order for 255 aircraft. The UK is set to double its number of world-beating F-35 stealth jets after ordering 17 more aircraft, Defence Secretary Gavin Williamson has announced. The 17 new F-35B aircraft will be delivered between 2020 and 2022 and will complement the 16 British aircraft currently based at RAF Marham and in the US, as well as two additional aircraft which are already on order. Overall, the UK has committed to procure 138 aircraft over the life of the programme. Defence Secretary Gavin Williamson said: I am delighted to confirm that we are doubling the size of our F-35 force into a formidable fleet of 35 stealth fighters. This is another massive order in the biggest defence programme in history. Our military and industry are playing a leading role in the F-35 programme. We are now building this game-changing capability that will soon be ready for frontline action. This programme is set to bring an immense boost of £35 billion into the British economy, and it will be welcome news to our firms that many more jets are now set for production. The 17 jets being ordered are part of a $6 billion contract for 255 aircraft being built for the global F-35 enterprise. The announcement is also good news for the UK economy, as British companies are building approximately 15% by value of all 3,000-plus F-35s planned for production. It is projected that around £35 billion will be contributed to the UK economy through the F-35 programme, with around 25,000 British jobs also being supported. CEO of Defence Equipment and Support, Sir Simon Bollom said: As the largest operator of F-35s outside of the US, the acquisition of 17 more Lightning aircraft underscores our commitment to the programme. This new contract demonstrates how our Armed Forces are equipped by DE&S with the latest equipment and support. News of this latest order comes as F-35B aircraft are currently embarked on HMS Queen Elizabeth for flying trials in the US, which continue to progress well. The fighter jets will be jointly manned by the Royal Air Force and the Royal Navy and can operate from land and sea, forming a vital part of Carrier Strike when operating from the Queen Elizabeth Class aircraft carriers. https://www.gov.uk/government/news/uk-to-double-f-35-fleet-with-17-jet-order-defence-secretary-announces

All news