The Department of Homeland Security has incorporated cyber hygiene standards into its contracts since 2015, but given the evolution and expansion of cybersecurity threats, it wants to improve its oversight of contractor compliance with these standards.
In an Aug. 10 letter to industry, DHS officials said they have been observing the Defense Department’s use of a new framework to verify that defense contractors are using certain practices and processes to protect sensitive unclassified information down into its supply chain.
“DHS has been closely monitoring the Department of Defense’s implementation of the Cybersecurity Maturity Model Certification (CMMC) program to identify lessons learned and best practices for consideration by DHS as we advance our process,” Eric Hysen, chief information officer, and Paul Courtney, the acting chief procurement officer, said in the letter that was published on the federal government’s business opportunities website, Sam.gov. “Our end goal is to have a means of ensuring a contractor has key cybersecurity and cyber hygiene practices in place as a condition for contract award.”
To help achieve its goal of improving insight into how well contractors are complying with cybersecurity standards, the DHS officials said the department has begun a “pathfinder assessment to establish a path forward.” Once the pilot effort is completed, DHS will share more information with industry about the “next steps,” they said.
DHS is seeking industry responses to the letter until Sept. 30.