Stacy Bostjanick, chief of defense industrial base cybersecurity within the Office of the DoD CIO, said the idea behind that move is to better protect Federal information. Toward that end, any Federal civilian contractors that handle the government’s sensitive data will have to meet basic cybersecurity standards much like those that are set to be imposed on defense contractors under the CMMC program.
“There is a FAR rule that’s going to be coming out that implements the [National Institute of Standards and Technology’s (NIST)] SP 800-171 and the 800- 172. And it’s going to go across all Federal government,” Bostjanick said during a virtual event hosted by PreVeil on April 4…
According to Bostjanick, the final rulemaking for CMMC is still in the works but should be delivered sometime later this year. Bostjanick was unable to comment on what is included in the final rule, but she did say nothing will change concerning the 110 controls the latest iteration of the program will be based on…