Yesterday the OMB’s Office of Information and Regulatory
Affairs (OIRA) announced
that it had received a notice of proposed rulemaking from the Department of
Defense on “Strategic Assessment and Cybersecurity Certification Requirements”.
This rulemaking was not listed in the Fall 2019 Unified Agenda.
According to a recent
DOD document, this rulemaking:
“Implements a standard DoD-wide
methodology for assessing DoD contractor compliance with all security
requirements in the National Institute of Standards and Technology (NIST)
Special Publication (SP) 800-171, Protecting Controlled Unclassified
Information in Nonfederal Information Systems and Organizations and a DoD
certification process, known as the Cybersecurity Maturity Model Certification
(CMMC), that measures a company’s maturity and institutionalization of
cybersecurity practices and processes. Partially implements section 1648 of the
FY20 NDAA.”