Military Embedded Systems

Cybersecurity regulations enacted at DoD in effort to help secure supply chain


December 03, 2020

Lisa Daigle

Assistant Managing Editor

Military Embedded Systems

Photo: cottonbro/Pexels

ARLINGTON, Va. The U.S. Department of Defense (DoD) enacted on December 1, 2020 what it calls the Cybersecurity Maturity Model Certification (CMMC), a series of requirements that will become part of all DoD Requests for Information; the ability of contractors to bid on certain types of work with the DoD will depend on their CMMC status going forward.  

The CMMC -- a framework with five levels of certification in both cybersecurity practices and processes -- gives the DoD a mechanism to certify the cyber readiness of the prime defense contractors as well as the smaller businesses that subcontract with the primes. 

Ellen Lord, undersecretary of defense for acquisition and sustainment, said in a previous news conference about the CMMC that cybersecurity risks threaten the defense industry and the national security of the U.S. government, as well as its allies and partners; in fact, Lord noted, about $600 billion, or 1% of the global gross domestic product, is lost to cyber theft each year.



Featured Companies

U.S. Department of Defense (DoD)

1400 Defense Pentagon
Washington, DC 20301-1400