DoD’s Cybersecurity Maturity Model Certification (CMMC) initiative

Introduction: High-profile data breaches are hitting Defense Industrial Base (DIB) supply chains

Government organizations are just as likely to suffer data breaches as any other business and are increasingly and specifically targeted. The U.S. Department of Defense (DoD) is a fine example, with a recent (October 4, 2018) data breach that affected at least 30,000 military and civilian contractors. The victims of such an attack saw hackers gaining access to their personal information and credit card numbers via a third-party system that maintained travel records.

This incident highlights the difficulties faced by the DoD when it comes to securing data, especially when entrusted to outside entities. Consequently, it underlines that the need to address tighter security needs has become a priority for the federal government networks anywhere covered defense information (CDI) is processed, stored or transmitted.

Though security breaches are inevitable, resilience to cyber-attacks can be improved and supply chain risks minimized. As Kevin Fahey, Assistant Secretary of Defense for Acquisition, said: “We need risk management solutions to assess, measure, and mitigate risk in real-time across multi-tier partner and supplier networks to achieve our goal of cost, schedule and performance, as they are only effective in a secure environment.”

DoD’s newest framework and standard for cybersecurity: CMMC

Coming in 2020, proof of adequate security is going to be a requirement for contractors of the DoD. In fact, every prime and subcontractor on a supply chain will be audited and certified under a Cybersecurity Maturity Model Certification (CMMC) framework in order to assess and enhance the cybersecurity posture of the Defense Industrial Base (DIB). This will benefit the security of contractors and the DIB, as well as help the DOD to avoid future losses due to cyber breaches.

“The concept of a CMMC framework arose in response to (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Daniel Brecht. Read the original post at: