10 mars 2020 | International, C4ISR, Sécurité

The Pentagon’s first class of cybersecurity auditors is almost here

Mark Pomerleau

The Pentagon hopes to have the first class of auditors to evaluate contractors' cybersecurity ready by April, a top Department of Defense official said March 5.

The auditors will be responsible for certifying companies under the new Cybersecurity Maturity Model Certification (CMMC), which is a tiered cybersecurity framework that grades companies on a scale of one to five. A score of one designates basic hygiene and a five represents advanced hygiene.

Currently, there are no auditors — known as Certified Third-Party Assessment Organizations (C3PAO) — as the accreditation board came about officially in January.

“Our goal is to have, in late April, our pilot pathfinder on the training for the C3PAOs,” Katie Arrington, chief information security officer for the Office of the Under Secretary of Defense for Acquisition, said at an event hosted by DreamPort in Columbia, Maryland.

The accreditation board is working on training the auditors and the accompanying training materials

Arrington said just because there aren't any auditors already working doesn't mean companies shouldn't be getting ready.

“You've got to get prepared for the audit,” she said. “You should be able to say ‘I think I've done my self assessment, I think I'm at this CMMC level.' Waiting for the audit to come in and then decide to get good or to get on track is not the way I would position my business.”

If all goes according to plan, all new contracts in 2025 will feature the security requirements.

Arrington also suggested that the framework has received interest outside the DoD.

“Do I think that other federal agencies are getting on board? Yes they are. They're waiting for me to get through my pathfinder,” she said.

She also referred to comments made by Under Secretary of Defense for Acquisition and Sustainment Ellen Lord, who explained nearly a dozen nations and international organizations are interested in adopting CMMC.

https://www.fifthdomain.com/dod/2020/03/09/the-pentagons-first-class-of-cybersecurity-auditors-is-almost-here/

The Pentagon’s first class of cybersecurity auditors is almost here

Sur le même sujet

US Navy shipbuilders’ union approves labor pact at Bath Iron Works
Workers are receiving an increase in contributions to their national pension plan while health insurance costs will grow.

Germany unveils its first national security strategy
Find out what the government thinks of Russia and China.

US approves $2.2 billion sale of C-130J aircraft to Egypt
The State Department has also OK'd the possible $355 million sale of air defense radar systems to the key Middle East ally.

The Pentagon’s first class of cybersecurity auditors is almost here

Sur le même sujet

US Navy shipbuilders’ union approves labor pact at Bath Iron Works Workers are receiving an increase in contributions to their national pension plan while health insurance costs will grow.

Germany unveils its first national security strategy Find out what the government thinks of Russia and China.

US approves $2.2 billion sale of C-130J aircraft to Egypt The State Department has also OK'd the possible $355 million sale of air defense radar systems to the key Middle East ally.

US Navy shipbuilders’ union approves labor pact at Bath Iron Works
Workers are receiving an increase in contributions to their national pension plan while health insurance costs will grow.

Germany unveils its first national security strategy
Find out what the government thinks of Russia and China.

US approves $2.2 billion sale of C-130J aircraft to Egypt
The State Department has also OK'd the possible $355 million sale of air defense radar systems to the key Middle East ally.