International partners want in on Pentagon’s cybersecurity standards

Following the release of the first version of new cybersecurity standards for contractors bidding on programs, the Department of Defense is focusing on international adoption of the framework.

The Cybersecurity Maturity Model Certification (CMMC) 1.0, released in January, is a tiered cybersecurity framework that grades companies on a scale of one to five based on the level of classification and security that necessary for the work they are performing.

Under Secretary of Defense for Acquisition and Sustainment Ellen M. Lord holds a press briefing to update media on acquisition, reform and innovation, at the Pentagon, Washington, D.C., Aug. 26, 2019. (DoD photo by U.S. Navy Petty Officer 2nd Class James K. Lee)
Pentagon finalizes first set of cyber standards for contractors

The Pentagon has finalized the long anticipated cybersecurity standards contractors will have to follow before winning contracts from the Department of Defense, a new process called the Cybersecurity Maturity Model Certification (CMMC) 1.0.

It was designed not only to set a level playing field for contractors, but also to increase the cybersecurity of companies that possess sensitive secrets tied to the Pentagon programs they work on.

“The CMMC team is currently working with multiple countries including Canada, the U.K., Denmark, Italy, Australia, Singapore, Sweden and Poland as well as the EU cybersecurity body,” Ellen Lord, under secretary of defense for acquisition and sustainment, said March 3 during a presentation at WEST 2020 in San Diego.

She added that these counties and groups are asking whether or not they can adopt the CMMC for their own use.

The United States, its allies and partners find themselves involved in a daily high stakes information warfare battle against sophisticated actors such as China and Russia, which have discovered that defense companies that support the military are juicy targets.

CMMC’s point person believes this framework is bigger than just the U.S. defense industrial base.

“I see it being adopted by more than just us," Katie Arrington, chief information security officer for the Office of the Under Secretary of Defense for Acquisition, told Fifth Domain in February. "I definitely see the international side heavy in 2020 and 2021. Our five eye partners are like ‘hey we’re here with you.’ The EU already has a cyber standard. So I think that there will be a lot more international cooperation on this.”

Andrew Eversden contributed to this report.

Recommended for you
Around The Web