The implications of the Defense Department’s plan to subject its suppliers to independent cybersecurity audits, a program known as Cybersecurity Maturity Model Certification, apply far beyond the defense industrial base. Contractors of all shapes and sizes are in a tizzy.
Before the end of the year, the Defense Department intends to finalize a rule change that will require any contractor it engages with to have obtained a certification of its cybersecurity practices from an approved external auditor. The new rule will end the department’s current practice of taking companies at their word about those practices.