The Department of Defense has created a new framework of cybersecurity requirements and certifications contractors must achieve under the Cybersecurity Maturity Model Certification (CMMC). But what about the DOD contractors that mostly outsource their IT and cybersecurity to managed service providers?
The Pentagon’s CMMC leadership, now housed in its Office of the CIO, is planning to meet soon to address potential requirements for managed service providers under the CMMC framework that could ease the burden for those contractors that do very little of their own IT.
“What we are looking for are ways to ease the burden on the [defense industrial base],” Stacy Bostjanick, chief of implementation and policy in the Office of the CIO, said Wednesday during a town hall event with NeoSystems. “And so cybersecurity-as-a-service is a logical place that we’re moving to,” she said, adding that the office is considering pilots to explore those kinds of arrangements.
Read the complete article here