Friday, May 29, 2020

DOD Cybersecurity Certification NPRM to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a notice of proposed rulemaking from the Department of Defense on “Strategic Assessment and Cybersecurity Certification Requirements”. This rulemaking was not listed in the Fall 2019 Unified Agenda.

According to a recent DOD document, this rulemaking:

“Implements a standard DoD-wide methodology for assessing DoD contractor compliance with all security requirements in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations and a DoD certification process, known as the Cybersecurity Maturity Model Certification (CMMC), that measures a company’s maturity and institutionalization of cybersecurity practices and processes. Partially implements section 1648 of the FY20 NDAA.”
