In an effort to address widely unmet requirements for protecting sensitive but unclassified information across the defense industrial base, the DoD has begun stepping up enforcement of existing cybersecurity regulations and, in some cases, making requirements even stricter. The newly released draft of NIST SP 800-171B prescribes “enhanced requirements” that will apply to selected critical programs and high-value assets. Recent updates to the Defense Contract Management Agency (DCMA) Contractor Purchasing System Review (CPSR) Guidebook add review of contractor cybersecurity compliance and supply-chain cyber risk management practices. Together with these updates and a planned rollout of third-party compliance certification standards, defense contractors face increased pressure to improve cyber practices across the entire industrial base.
“We’re seeing more and more companies start to realize that merely having a plan is no longer enough,” said Ted Liu, Director of the Cyber Collaboration Center, a non-profit focused on building awareness and providing educational resources to the defense contracting…