The Pentagon is still a year and a half away from measuring contractor cybersecurity as part of the acquisition process, but it is moving forward with developing the metrics it will use and building relationships with the third-party auditors who will do the work, Inside CyberSecurity reported.
“We have set out an objective of coming up with new cybersecurity standards this year,” Undersecretary of Defense for Acquisition and Sustainment Ellen Lord said Monday at an Atlantic Council event in Washington. “We’ll have metrics by which to measure them. We’ll have third parties that can actually audit against them, such as [International Organization for Standardization] standards we have for quality.”
The Pentagon is deriving the cybersecurity scoring standards from the NIST framework updated last year, Lord told reporters following the event.
She hopes to have the cybersecurity standards and metrics developed “in a couple months.”
The Pentagon plans to use cybersecurity experts from Johns Hopkins Applied Physics Laboratory to score contractors against the metrics, according to Lord.