U.S. Department of Defense Plans Contractor Cybersecurity Audits

Cybersecurity audits of independent contractors are being planned by the U.S. Department of Defense with a non-profit organization being established to train and approve certifiers. If the plan gets through, cybersecurity audits of contractors are certain to leach into 5-eyes government standards.

The plan will stem the loss of controlled unclassified information – currently, defense contractors only have to self-attest their adherence to NIST special publications laying out the appropriate protections for such data.

The department intends to activate its certification programme through a non-profit accreditation body that will be tasked with training auditors, establishing the necessary infrastructure, accreditation and credentialing, and assessment operations, as laid out in a slide presentation by the official.

Companies looking to do business with DoD will have the sensitivity of their data assessed, and auditors will determine an appropriate Level 1 through 5 of security required.

“Because we’re doing rulemaking, this isn’t going to roll out as hard and fast as we thought,” a government official told a meeting of the Software Supply Chain Assurance forum recently.

Software Supply Chain Assurance forum meetings are co-led by Defense, the General Services Administration, the National Institute of Standards and Technology, and the Homeland Security Department. They can be attended by public and private sector representatives and are conducted under Chatham House Rules for an open exchange of ideas.

The official said DoD expects the CMMC requirements to be issued as a proposed rule in Q2, but regardless of the related public comment process, officials still plan to include the rules in requests for proposals starting in the third quarter.

“In June, we’re going to give you a request for information that says these procurements are targeted to have CMMC requirements,” the official told the forum.

Details will be spelled out in a memorandum of understanding between the two entities that can be signed as soon as the accreditation body is officially incorporated. The official said that should be done “by the end of the month”.

The official said DoD expects to turn operations over to the accreditation body in February but stressed that the department is “not going to give up control of the model”, which will remain subject to change once issued.

In March, DoD plans to publish the assessment guides that auditors will use to determine what level of data protection will be required.

“We’ve got Treasury asking about this, State, Canada,” the official said. “If we do this right, it can really be a model for the broader ecosystem.”

AUTHOR

SEN News