Tougher Cybersecurity Rules May Be More than a Year Away—But Don’t Wait to Get Ready
Contractors should prepare for independent checks on their data systems, and maybe more reporting requirements as well.
LAUREN C. WILLIAMS | FEBRUARY 2, 2023
CYBER ACQUISITION PENTAGON
It could be well into 2024 or even early 2025 before the Defense Department finally requires contractors to obtain third-party approval of their cybersecurity setup. But there’s no time to relax, one expert says.
“You look at the DOD internal documents, they all have a 12-month schedule—if everything goes well and it's not that complicated. Well, this is complicated. Things may not go so well. So it could be 15 months, it could be 18 months; they'll want to get it done,” said Robert Metzger, a government contracting attorney with Rogers, Joseph, and O’Donnell.
Metzger spoke at a Jan. 31 virtual town hall with the CyberAB, the accreditation body that oversees the Pentagon’s Cybersecurity Maturity Model Certification program.
https://www.defenseone.com/defense-systems/2023/02/tougher-cybersecurity-rules-may-be-more-year-away-dont-wait-get-ready/382525/