Reporting Cyberattacks: Challenges for US Government Defense Contractors

A report published by the U.S. Government Accountability Office (GAO) on Dec. 8, 2021, highlights the complexity surrounding cybersecurity compliance for the Department of Defense (DOD) and its contractors. The GAO’s report recommended that the DOD improve its communication to industry, develop a plan to evaluate a pilot program, and develop outcome-oriented performance measures. This may also be an opportunity for DOD to simplify other defense industry cybersecurity compliance challenges, such as incident reporting.

CMMC Update

The GAO report focused on the DOD’s Cybersecurity Maturity Model Certification (CMMC), which is designed to address concerns about contractor protection of sensitive information. After unveiling the CMMC in January 2020 and considering a number of comments from the public — including one official comment from the U.S. Small Business Administration that small businesses may find it difficult to navigate the complex requirements of the CMMC — the DOD streamlined the framework on Nov. 4, 2021. Most significantly, the DOD reduced the number of certification levels in the CMMC
