DHS has begun what it calls a “pathfinder assessment” to explore creating a contractor cyber compliance program similar to the DoD’s CMMC. “Our end goal is to have a means of ensuring a contractor has key cybersecurity and cyber hygiene practices in place as a condition for contract award,” explained department CIO Eric Hysen. Back in April, Hysen said that DHS was evaluating CMMC, and considering piloting that approach.
In a special notice published last week, DHS asked for stakeholder input on improving compliance with current and upcoming cybersecurity requirements. The notice states that DHS has been monitoring DoD’s progress implementing CMMC and says that the department’s goal is to put a program in place to ensure that contractors have cybersecurity and cyber hygiene practices in place prior to and as a condition of contract award.
Sources:
- FedScoop: DHS Conducting Initial Assessment for CMMC-Like Cyber Compliance Regime
- Federal Computer Week: DHS Eyes CMMC Model
- NextGov: Homeland Security Considering CMMC-like Compliance Effort
