Robert “Bob” Kolasky, an official at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said a CISA task force will issue “supply chain essentials” guidance that integrates aspects of the Department of Defense’s Cybersecurity Maturity Model Certification program, Nextgov reported Thursday.
Kolasky, director of CISA’s National Risk Management Center, said continued collaboration between CISA’s information and communications technology supply chain risk management task force and CMMC is vital “to make sure that we suck in the way that questions are being asked of the defense industrial base and translate that into other markets in a similar way.”
The upcoming document from the CISA task force will be voluntary for private sector organizations and federal agencies operating across the 16 critical infrastructure sectors. It will incorporate questions that government and industry should ask of cybersecurity platform suppliers, a move that Kolasky said could help ensure that vendors understand security expectations.
“CMMC is a terrific start to a framework that’s going to make a meaningful difference,” Kolasky said. “It’s one of those requirements that creates more certainty for businesses and ultimately should incentivize security in a rational manner that will leave the country better off.”