The Defense Department has been ramping up efforts to quash supply chain vulnerabilities with enhanced cybersecurity guidance that gives the organization greater access to contractors’ security protocols and controls, even before awarding a contract.
A set of guidance documents released in November gave contractors a new urgency when considering security and partnering with the DoD. One requires self-attestation to comply with DFARS and the NIST Cybersecurity Framework, as well as on-site assessments and “enhanced cybersecurity measures in addition to the security requirements in NIST SP 800-171 to safeguard information stored on the contractor’s internal unclassified information system” before an award is made.
DOD expects contractors to already have a system security plan, along with plans of action and milestones, in place and outlines the consequences to the government if the security standards are not met.