Defense Department releases new cybersecurity requirements for contracts

Posted at 11:07 AM, Feb 05, 2020
and last updated 2020-02-05 11:07:51-05

NORFOLK, Va. - The Department of Defense will begin phasing in cybersecurity requirements for companies looking to land defense contracts this year.

By the end of September, at least some companies will have to certify they meet basic cybersecurity standards when responding to requests for proposals.

The new Cybersecurity Maturity Model Certification was released at the end of last month.

By fiscal year 2026 all new Department of Defense contracts will contain the cybersecurity requirements.

"I believe it is absolutely critical to be crystal clear as to what expectations for cybersecurity are, what our metrics are, and how we will audit for those expectations," Undersecretary of Defense Ellen Lord said during a Pentagon briefing on the matter.

The Defense Department says the goal is to make sure the computer networks of businesses doing work for the government can defend against intrusions by those who want to access information about contracts and development of weapons systems.


New cybersecurity requirements expected for defense contracts next year