Following the release of the first version of new cybersecurity standards for contractors bidding on programs, the Department of Defense is focusing on international adoption of the framework.
The Cybersecurity Maturity Model Certification (CMMC) 1.0, released in January, is a tiered cybersecurity framework that grades companies on a scale of one to five based on the level of classification and security that necessary for the work they are performing.
It was designed not only to set a level playing field for contractors, but also to increase the cybersecurity of companies that possess sensitive secrets tied to the Pentagon programs they work on.
“The CMMC team is currently working with multiple countries including Canada, the U.K., Denmark, Italy, Australia, Singapore, Sweden and Poland as well as the EU cybersecurity body,” Ellen Lord, under secretary of defense for acquisition and sustainment, said March 3 during a presentation at WEST 2020 in San Diego.
She added that these counties and groups are asking whether or not they can adopt the CMMC for their own use.
The United States, its allies and partners find themselves involved in a daily high stakes information warfare battle against sophisticated actors such as China and Russia, which have discovered that defense companies that support the military are juicy targets.
CMMC’s point person believes this framework is bigger than just the U.S. defense industrial base.
“I see it being adopted by more than just us," Katie Arrington, chief information security officer for the Office of the Under Secretary of Defense for Acquisition, told Fifth Domain in February. "I definitely see the international side heavy in 2020 and 2021. Our five eye partners are like ‘hey we’re here with you.’ The EU already has a cyber standard. So I think that there will be a lot more international cooperation on this.”
Andrew Eversden contributed to this report.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.