[TheRecord] Pentagon issues revised cyber standards for contractors

The Defense Department on Thursday released a revamped framework and digital security standards for contractors that are intended to “minimize barriers” for compliance.

The updated Cybersecurity Maturity Model Certification, dubbed “CMMC 2.0,” is the result of a months-long internal review by the Pentagon. The review followed concerns from industry groups and contractors about the scope of the effort, which began to take shape in 2019, and about the possibility that it could become another source of red tape in the already bureaucracy-heavy Pentagon.

“CMMC 2.0 will dramatically strengthen the cybersecurity of the defense industrial base,” Jesse Salazar, deputy assistant secretary of defense for industrial policy, said in a statement. “By establishing a more collaborative relationship with industry, these updates will support businesses in adopting the practices they need to thwart cyber threats while minimizing barriers to compliance with DoD requirements.”

The original framework’s five-tier system is pared down to three under the new model. It also no longer requires every defense contractor to obtain a third-party certification if they don’t handle “controlled unclassified data,” a generalized classification for information which in this instance would predominantly mean DoD systems, including weapons.

Companies that do deal in such information must meet the top tier of the new model and get a third-party certification proving they meet certain cybersecurity standards before they can receive a contract award.

However, the new framework also contains a broader waiver process for contractors.

Last week John Sherman, President Joe Biden’s nominee for Pentagon chief information officer, said he wanted to update CMMC to make it easier for companies to adhere to the department’s cyber standards.

“If confirmed, there’s a number of things I’d want to do to” the program to make it “not onerous” for small and medium-sized businesses, he told the Senate Armed Services Committee.

The post Pentagon issues revised cyber standards for contractors appeared first on The Record by Recorded Future.
