The Defense Department’s impending cybersecurity certification requirement for all contractors has caused no shortage of concerns among small businesses worried about the cost. But the Pentagon’s lead for the effort made the case Wednesday that the move is necessary and, in some cases, will help small contractors. Under the Cybersecurity Maturity Model Certification, all vendors doing business with DoD will be required to be certified by a third-party assessor as fully compliant or be prohibited from being awarded the contract.
“We need to lower the barriers. We need to speed up acquisition. But we also need to secure the [defense industrial base],” remarked Katie Arrington, CISO for the assistant secretary for defense acquisition. “With 70% to 80% of our data living on my contractors’ networks, I don’t have a choice but to worry about how they’re doing it.”
