New cybersecurity requirements expected for defense contracts next year

Posted at 9:50 AM, Dec 30, 2019
and last updated 2019-12-30 17:03:13-05

NORFOLK, Va. - Companies that do business with the Department of Defense can expect new cybersecurity requirements for landing contracts in 2020.

By June, the Defense Department expects cybersecurity requirements will be part of requests for information, which are typically the starting point for awarding new defense contracts.

"[This] establishes security as the foundation to acquisition and combines the various cybersecurity standards into one unified standard to secure the DOD supply chain," explained Ellen Lord, undersecretary of defense for acquisition and sustainment, during a Pentagon briefing earlier this month.

The framework is expected to be made available by January. It will have five levels of certification that correlate to how critical the system in question might be.

The Defense Department says the goal is to make sure the computer networks of businesses doing work for the government can defend against intrusions by those who want to access information about contracts and development of weapons systems.

"We know the adversary is at cyber war with us every day. So, this is a U.S. economic security issue, as well as a U.S. security issue," Lord explained.

A third party is expected to handle auditing potential contractors for compliance with standards.