Search

Pentagon to Launch New Universal Cyber Standards in 2020

Pentagon to Launch New Universal Cyber Standards in 2020

The Defense Department is creating a new unified cybersecurity framework that will be available in early 2020 and included in department solicitations by next fall, Undersecretary of Defense for Acquisition and Sustainment Ellen Lord said Aug. 26.

Speaking at a media briefing at the Pentagon, Lord announced the creation of the Cybersecurity Maturity Model Certification (CMMC) program, a collaboration with Johns Hopkins University’s Applied Physics Laboratory, the Carnegie Mellon Software Engineering Institute and industry partners.

Cybersecurity and global communication, secure data network technology, cyberattack protection for worldwide connections, finance, IoT and cryptocurrencies, planet Earth in space, elements from NASA (https://eoimages.gsfc.nasa.gov/images/imagerecords/90000/90008/europe_vir_2016_lrg.png)

“The CMMC establishes security as the foundation of acquisition and combines the various cybersecurity standards into a unified standard,” she said.

The framework will be made fully available in January 2020, and by June 2020 industry will see CMMC requirements in requests for information, Lord said. “By fall 2020, CMMC requirements will be included in request for proposals and will be a go/no go decision,” she added.

The Pentagon’s assistant secretary for acquisition, Kevin Fahey, first announced the department was working on a new cyber compliance plan this past February in Washington, D.C. (Defense Daily, Feb. 13). He described it then as a system similar to a credit score that would rate a supplier’s level of cybersecurity readiness for DoD requirements.

The Defense Department worked closely with industry associations to develop the certification program and also took lessons from the Navy, Lord said Monday. Work is ongoing on the actual implementation of the program, which will include five standard levels, she said.

“When you have a program, different subsystems can be held at different levels,” she noted. “The entire system doesn’t require a rating of a 4; different parts can have lower and then higher amounts. So if you have a hardware portion that doesn’t have a cybersecurity requirement, there won’t be much levied on that.”

The department is “extremely concerned” with supporting small businesses with this framework, and encourages those companies to reach out to industry associations and the DoD’s industrial policy team to make sure their concerns are met, Lord said. “We are trying to help people help themselves and work with us,” she said.

 



Contract Updates

BAE Systems Space & Mission Systems Inc. (Boulder, Colorado) – $48,000,000

BAE Systems Space & Mission Systems Inc., Boulder, Colorado, was awarded a $48,000,000 firm-fixed-price contract for the study, design, development, enhancement, testing, and procurement of advanced communication-electronics technologies. Bids were solicited via the internet with one received. Work locations and…


Portus Stevedoring LLC (Jacksonville, Florida) – $8,292,583

Portus Stevedoring LLC, Jacksonville, Florida, is awarded a not-to-exceed $8,292,583 firm-fixed-price, indefinite-delivery/indefinite-quantity contract with a five-year ordering period for stevedoring and related terminal services. This contract provides for full range of stevedoring and related terminal services to include the receipt,…


Foster Miller doing business as QinetiQ North America (Waltham, Massachusetts) – $11,310,230

Foster Miller, doing business as QinetiQ North America, Waltham, Massachusetts, is awarded an $11,310,230 firm-fixed-price modification to a previously awarded indefinite-delivery/indefinite-quantity contract (N00174-21-D-0019) to exercise Option Year Four for production, engineering support, and post-production support of the MK 2 Man…


EnergySolutions Services Inc. (Oak Ridge, Tennessee) – $13,336,650

EnergySolutions Services Inc., Oak Ridge, Tennessee, is being awarded a $13,336,650 firm-fixed-price, indefinite-delivery/indefinite-quantity contract action (N42158-25-D-E001) for nuclear services for the processing, recycling and disposal of radiologic materials through disassembly, decontamination, metal melting, compaction, incineration, resin sluicing/dewater, bulk waste assay…