CyberCore has published a white paper regarding the government’s upcoming regulations and how they will impact the federal community, the company reported on Tuesday. The federal government has developed regulations to mitigate risk across the industrial base.
Tina Kuhn, CyberCore Technologies’ president and CEO, has outlined how the recent regulations impact federal contractors’ ability to provide services, software and hardware to the government. As a result, she has shared five cybersecurity regulations that will impact the contracting community.
“Current regulations in the DFAR regarding the protection of Covered Defense Information (CDI) and supply chain responsibilities are being strengthened by these new regulations,” Kuhn added.
The first regulation, Section 889 of the National Defense Authorization Act (NDAA), will prohibit the use of telecommunication equipment produced by Huawei Technologies and ZTE Corporation, as well as equipment produced by Hytera Communications, Hangzhou Hikvision Digital Technology and Dahua Technology. Federal contractors that procure equipment from the stated companies cannot do business with the federal government as a prime or subcontractor.
The second regulation, SECURE Technology Act, has created a Federal Acquisition Security Council that will help reduce supply chain risks and establish a security vulnerability disclosure policy and a bug bounty program. CyberCore noted that the regulation would create more banned products for the federal community.
The third regulation, the Executive Order on Securing the Information and Communications Technology and Services (ICTS) Supply Chain, has declared that threats to the ICTS Supply Chain by foreign adversaries are a national emergency. CyberCore stated that this regulation has enhanced critical infrastructure security by monitoring transactions.
The fourth regulation, Sections 1654 and 1655 of the Fiscal Year 2019 NDAA, has required contractors to disclose agreements with a foreign government or person, which is expected to be put into law by 2021. CyberCore stated that the regulation has the potential to ban a company’s product, system, or service based on its interactions with foreign entities.
The fifth regulation, Cybersecurity Maturity Model Certification (CMMC), will require DoD contractors to be in full compliance security controls and must be validated by authorized third-party auditors. The regulation will require every DoD and government contractor to implement the CMMC defined cybersecurity controls and be certified at the required CMMC level at award and in the future by proposal submission.
Join Potomac Officers Club for its Fall 2020 CMMC Forum on Nov. 17th, 2020 to learn about the requirements and priorities of implementing the certification, including scoping of CMMC assessments, supply chain impacts and C3PAOs, as RFPs quickly approach.
Katherine Arrington, chief information security officer (CISO) for the Office of the Under Secretary of Defense for Acquisition (OUSDA) for the Department of Defense (DoD) and 2020 Wash100 Award recipient, will be featured as the keynote speaker. Don’t miss out on this must see event! Click here to register for the Fall 2020 CMMC Forum.