Private companies wishing to provide cyberdefense, among other services, for the US Government must meet a new requirements framework. According to data security training experts, the US Department of Defense (DOD) has just unveiled a new cybersecurity certification model that sets guidelines that companies will need to meet.
A few weeks ago, DOD officials submitted the final draft of the Cybersecurity Maturity Certification Model. According to the official communication platforms of the DOD, this new framework was designed to improve cybersecurity in each area of the agency; the new model focuses especially on the supply chain, one of the main cybersecurity challenges for any company.
Multiple data security training specialists agree that today’s supply chains are a complex issue for large private companies and government organizations, involving contractors, business partners, sellers, manufacturers and suppliers. Any link in a supply chain is exposed to cybersecurity incidents, and an incident at one link compromises the rest of the participants in the process.
This is a particularly troubling issue for defense and intelligence agencies, which routinely handle national security issues. Data security training specialists still have reservations about how functional the adoption of this model might be. On the one hand, they believe the DOD presents excellent ideas and raises the guidelines required to cover any vector related to cybersecurity at the agency. On the other hand, there are still no concrete signs of any of these measures being implemented in practice.
One of the methods covered in this framework, as mentioned by the International Institute of Cyber Security (IICS), is the allocation of a score between 1 and 5 to each organization. The more an organization adheres to the strict measures established by the DOD, the closer it will get to a score of 5. U.S. defense agencies must also adhere to the framework.
It should be noted that, by themselves, these new processes and certifications will not protect the information of any private agency or company. The establishment of strict security measures and policies, ongoing staff training, and the use of secure and up-to-date software are critical to meeting security guidelines capable of addressing current threats.