DOD will start requiring contractors to meet cybersecurity standards next month

Dive Brief:

  • The Department of Defense (DOD) will roll out its Cybersecurity Maturity Model Certification[1] (CMMC) in January 2020 so that it can ensure contractors on government projects have the necessary cybersecurity practices in place to protect the controlled unclassified information (CUI) to which they are privy. The type of information the DOD is trying to protect includes data pertaining to critical infrastructure, nuclear, proprietary business information, procurement and acquisition. 
  • All DOD contractors must be certified through the third-party provider of their choice at the contractor’s expense. Certification levels range from basic to advanced, and in June 2020 contractors will start seeing references to CMMC requirements in Requests for Proposals. Some higher-level assessments may be performed by the DOD, the Defense Contract Management Agency or the Defense Counterintelligence and Security Agency.
  • The loss of CUI, the DOD said, poses risks to the United States’ economic security and national security, so the department is trying to better secure this information. The Executive Office of the President’s Council of Economic Advisers estimated in 2016 that malicious cyber activity cost the nation’s economy between $57 billion and $109 billion.

Dive Insight:

The DOD released the latest draft version[2] of the CMMC for public review earlier this month. In that document, the DOD delves deeper into the levels of certification.

  • Level 1 – the contractor demonstrates basic cyber hygiene as defined by the Federal Acquisition Regulation[3].
  • Level 2 – the contractor demonstrates intermediate cyber hygiene and has established standard operating procedures, policies and plans for all its practices.
  • Level 3 – the contractor demonstrates good cyber hygiene and effective NIST SP 800-171 Rev 1[4] (Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations) security requirements and reviews its activities for adherence to policies and procedures.
  • Level 4 – the contractor demonstrates a substantial and proactive cybersecurity program, reviews activities for effectiveness and informs management of any issues.
  • Level 5 – the contractor demonstrates a proven ability to optimize capabilities in an effort to repel advanced persistent threats, standardizes its activities across all applicable business units and shares identified improvements. 

In addition, some areas that contractors will be required to address in the certification process are:

  • Access control policies
  • Identification and authentication procedures
  • Media protection strategies
  • Protecting physical access
  • System and communication protection
  • System and informational integrity

As construction industry contractors continue to take bigger steps toward technology adoption, cyberattacks are not the only issue that should concern them. A rise in the popularity of wearables[5] — heart rate monitors, location trackers, fall detectors and hard hat inserts that check for fatigue — has also raised questions about data collection and privacy.

The Safety Equipment Association has started preliminary discussion around a standard that would protect worker privacy when it comes to wearables, but that process could take years. In the meantime, contractors should start thinking about “the potential for abuse and misuse,” attorney Michelle Schaap with Chiesa Shahinian & Giantomasi PC told Construction Dive earlier this year. “Any company that adopts these tools,” she said, “must consider all of the value-adds and the potential risks before implementing these new technologies.”

References

  1. ^ Cybersecurity Maturity Model Certification (www.acq.osd.mil)
  2. ^ latest draft version (www.acq.osd.mil)
  3. ^ Federal Acquisition Regulation (www.acquisition.gov)
  4. ^ NIST SP 800-171 Rev 1 (nvlpubs.nist.gov)
  5. ^ popularity of wearables (www.constructiondive.com)
