Just as the digitization of the US and global economy has shifted the risk landscape for companies and exposed vulnerabilities in business operations, the Federal Government has likewise become all too aware of the impact a cybersecurity incident can have on employee privacy, agency operations, and most importantly, national security. With the understanding that evolving threats require a systematic and measurable approach to securing information and proactively addressing known and potential vulnerabilities, the Federal Government has developed a risk management framework under the Federal Information Security Management Act of 2002 (FISMA) that requires agencies to evaluate their IT environments and implement security controls in accordance with assessed risk. However, in recent years the Department of Defense (DoD) has taken specific notice of the vast amount of sensitive defense-related information managed and developed by contractors in the defense industrial base. These companies operate outside the framework of FISMA, given that law’s emphasis on federal agencies, and they are a particular focus of attack by adversarial states and malicious actors. Breaches of information from defense contractor networks have resulted in billions of dollars of economic impact and a continued erosion of the US technological advantage in the defense arena.

In this blog series, we will provide an overview of the various regulations incorporated into federal contracts and key guidance provided by federal agencies relating to cybersecurity requirements for government contractors that manage and develop information under their contracts. Additionally, we will provide insight into the in-development regulations expected to be issued in the near term, such as the DoD Assessment Methodology and the Cybersecurity Maturity Model Certification (CMMC) as well as key tenets of the requirements, such as data governance and prescribed security requirements. Below is a regulatory timeline that provides an overview of key regulations that will be addressed in this series.


Chess Consulting specializes in government contract regulatory compliance matters, and our professionals possess a deep understanding of cybersecurity risk management which uniquely positions us to assist our clients. If you have questions or need assistance, please click the “contact us” button below to reach one of our experts.