Pentagon shares new cybersecurity rules for government contractors – scworld.com


The U.S. Department of Defense introduced new cybersecurity requirements for companies that contract with the federal government.
The Pentagon said that its new rules, dubbed Cybersecurity Maturity Model Certification (CMMC), will aim to simplify the process of getting certified to do government contract work while also assuring the DOD that a company is up to snuff with its security.
“The purpose of CMMC is to verify that defense contractors are compliant with existing protections for federal contract information (FCI) and controlled unclassified information (CUI) and are protecting that information at a level commensurate with the risk from cybersecurity threats, including advanced persistent threats,” the DOD said in announcing public review of the rules.
“This rule streamlines and simplifies the process for small- and medium-sized businesses by reducing the number of assessment levels from the five in the original program to three under the new program.”

Under the new rules, companies would be able to complete the first two levels of the requirements via self-assessment tools (though the second level can also be passed with the help of a third-party security provider). The third level of the assessment process will still need to be performed by a Defense Industrial Base Cybersecurity Assessment Center.
The hope is that the simplified process will broaden the range of companies that will consider applying for DOD contracts, particularly those that are not large providers.
“CMMC provides the tools to hold accountable entities or individuals that put U.S. information or systems at risk by knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches,” the DOD explained.
“The CMMC Program implements an annual affirmation requirement that is a key element for monitoring and enforcing accountability of a company’s cybersecurity status.”
While the rules will apply only to companies working with the DOD, the Pentagon’s deep pockets and enormous clout in the business world mean that many of the companies complying with the new rules will likely also apply some or all of the standards they use for government work to their private-sector business offerings and practices.
A career IT news journalist, Shaun has spent 17 years covering the industry with a specialty in the cybersecurity field.



This article was autogenerated from a news feed from CDO TIMES selected high quality news and research sources. There was no editorial review conducted beyond that by CDO TIMES staff.