March 10, 2020 | International, C4ISR, Security

The Pentagon’s first class of cybersecurity auditors is almost here

Mark Pomerleau

The Pentagon hopes to have the first class of auditors to evaluate contractors' cybersecurity ready by April, a top Department of Defense official said March 5.

The auditors will be responsible for certifying companies under the new Cybersecurity Maturity Model Certification (CMMC), which is a tiered cybersecurity framework that grades companies on a scale of one to five. A score of one designates basic hygiene and a five represents advanced hygiene.

Currently, there are no auditors — known as Certified Third-Party Assessment Organizations (C3PAO) — as the accreditation board came about officially in January.

“Our goal is to have, in late April, our pilot pathfinder on the training for the C3PAOs,” Katie Arrington, chief information security officer for the Office of the Under Secretary of Defense for Acquisition, said at an event hosted by DreamPort in Columbia, Maryland.

The accreditation board is working on training the auditors and the accompanying training materials.

Arrington said just because there aren't any auditors already working doesn't mean companies shouldn't be getting ready.

“You've got to get prepared for the audit,” she said. “You should be able to say ‘I think I've done my self-assessment, I think I'm at this CMMC level.’ Waiting for the audit to come in and then decide to get good or to get on track is not the way I would position my business.”

If all goes according to plan, all new contracts in 2025 will feature the security requirements.

Arrington also suggested that the framework has received interest outside the DoD.

“Do I think that other federal agencies are getting on board? Yes they are. They're waiting for me to get through my pathfinder,” she said.

She also referred to comments made by Under Secretary of Defense for Acquisition and Sustainment Ellen Lord, who explained that nearly a dozen nations and international organizations are interested in adopting CMMC.

https://www.fifthdomain.com/dod/2020/03/09/the-pentagons-first-class-of-cybersecurity-auditors-is-almost-here/
