New Cyber Standards May Shrink Contractor Pool

Officials at the Defense Information Systems Agency (DISA) have expressed confusion about whether new vendor cybersecurity standards will limit the number of vendors that qualify for critical government technology projects. The Cybersecurity Maturity Model Certification (CMMS) standards published by the Pentagon in January were meant to increase cyber protections, but some small businesses have expressed concerns that they will not be able to compete for government contracts.

Under the CMMC framework, companies have their cyber practices graded on a scale of one to five. Procurement officials would use the grades to determine which vendors are eligible for certain contracts, with more sensitive projects requiring more stringent security standards.

“The CMMC establishes security as the foundation to acquisition and combines the various cybersecurity standards into one unified standard,” explained Pentagon Undersecretary for Acquisition and Sustainment, Ellen Lord.

Now, DISA officials are warning that the standard may make a significant portion of the Pentagon contractor pool ineligible for sensitive projects.

“A very small number … of the 300,000 [defense industrial base] companies have state-of-the-art cybersecurity. The majority of them are at the lower end of that one to five scale,” Maj. Gen. Garrett Yee, assistant to the director of DISA, said Monday during a speech at the agency’s annual Forecast to Industry Day.

During a media roundtable Yee was asked if the standards would impact of the pool of qualified vendors to which Yee responded, “No one knows the answer to that.”

Yee noted that the standards are meant to be both “affordable” and “achievable” for small businesses, though the Pentagon has received many questions about how small businesses, who have historically not devoted funds to cyber protections, would compete with large vendors.

During a separate speech reported by NextGov, DISA Director Vice Adm. Nancy Norton urged vendors to begin ramping up their cybersecurity efforts with the CMMC on the horizon and pushed them not to oversell their tech.

“Be honest about the scope and scale of a solution and its readiness to operate and to meet unique DOD mission requirements,” Norton said during her keynote address. “As an industry partner, you must understand … who and what is at stake in this environment. Build cybersecurity into all your products and services and capabilities from concept to completion … be as innovative in your approach to cybersecurity as you are in your functional capabilities.”

Posted in Featured News

Print

This Week on FEDtalk

Understanding Open Season Options

Tune in to FEDtalk this week for a discussion on Open Season. Your benefits experts will provide you with information on what new benefit options are available this Open Season and how you can learn more.

Read more ...

Hear it from FLEOA

FLEOA Elects New National Officers at Bi-Annual Conference

Last week, the Federal Law Enforcement Officers Association elected the following National Officers at the 25th National Conference held in College Park, Maryland:

Read more ...
FEDagent

FEDagent.com

The free weekly e-report for Federal Law Enforcement

Get in touch with us

Email FEDagent publisher

Copyright 2019 FEDagent.com
Hosted by Peak Media Company, LLC