Cybersecurity regulations enacted at DoD in effort to help secure supply chainNews
December 03, 2020
ARLINGTON, Va. The U.S. Department of Defense (DoD) enacted on December 1, 2020 what it calls the Cybersecurity Maturity Model Certification (CMMC), a series of requirements that will become part of all DoD Requests for Information; the ability of contractors to bid on certain types of work with the DoD will depend on their CMMC status going forward.
The CMMC -- a framework with five levels of certification in both cybersecurity practices and processes -- gives the DoD a mechanism to certify the cyber readiness of the prime defense contractors as well as the smaller businesses that subcontract with the primes.
Ellen Lord, undersecretary of defense for acquisition and sustainment, said in a previous news conference about the CMMC that cybersecurity risks threaten the defense industry and the national security of the U.S. government, as well as its allies and partners; in fact, Lord noted, about $600 billion, or 1% of the global gross domestic product, is lost to cyber theft each year.