
Show Me Your SSPs: DOD to Begin Requesting and Assessing Contractors’ System Security Plans


At a recent Town Hall Meeting hosted by the CMMC Accreditation Body, a Defense Contract Management Agency representative announced that they will begin assessing contractors’ compliance against NIST SP 800-171 security controls through the “Medium Assessment” process that the DoD prescribed in the interim rule that created Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7020. In a Medium Assessment, the Government reviews the contractor’s current documentation (primarily the System Security Plan) and the contractor’s previous self-assessment, which contractors were required to complete by November 2020. The representative explained that he expects these assessments to begin in “a couple months.”
