US Defense Contractors Don't Meet Basic Cyber Security Standards

Uploaded on 2022-12-13 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

A year after the Pentagon announced its newest cyber security guidelines the industry is still trying to work out how it will comply with the new rules and operate in a new environment. Cybersecurity Maturity Model Certification (CMMC) 2.0 recently entered the Defense Department’s rulemaking process, the final step before it becomes an official requirement. 

Despite questions about industry’s cyber security capabilities and the challenging documentation process, defense companies could be required to comply with CMMC for new contracts as soon as May 2023. 

Defense contractors will be required to comply with the CMMC framework and must prove their compliance when bidding for DoD contracts. The problem is that, right now, research shows that 87% of US defense contractors do not meet basic cyber security legal requirements that are considered vital to US national security. 

The security firm CyberSheath conducted a survey of 300 Department of Defense contractors and found that an extremely low number of respondents have the recommended level of security practices in place. Only 13% of respondents had a Supplier Risk Performance System score of 70 or above, way below the score of 110 that is required for full compliance. According to CyberSheath, the defense contractors believed a score of 70 to be adequate.

This report found that 70% have not deployed security information and event management (SIEM), 79% lack a comprehensive multi-factor authentication system, 73% do not have an end-point detection response (EDR) solution and 80% lack a vulnerability management solution. 

With recent attacks targeting the defense and critical infrastructure industries, the survey’s results are disturbing. Furthermore, this could have massive consequences for defense contractors, nearly half of whom would lose up to 40% of their revenue if DoD contract loss occurs, according to the research.

In addition to being largely non-compliant, an astounding 82% of contractors find it “moderately to extremely difficult to understand the governmental regulations on cyber security.”

CyberSheath:     National Defense Magazine:      Oodaloop:       Infosecurity-Mgazine:   HelNetSecurity:    Reddit:  

You Might Also Read: 

Hackers Achieve Widespread Penetration Of Defense Contractors:



 

« The Need For OT-centric Cyber Security Strategies
Misconfigured Cloud Applications Are Putting Your Data At Risk »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Cyber Security For Critical Manufacturing (ManuSec)

Cyber Security For Critical Manufacturing (ManuSec)

Cyber Security For Critical Manufacturing (Manusec) is a global series of summits focusing on Cyber Security for Critical Manufacturing Sectors.

Horangi

Horangi

Horangi provides security products and services that enable the rapid delivery of Incident Response and threat detection for our customers who lack the scale, expertise, or time to do it themselves.

Tata Consultancy Services (TCS)

Tata Consultancy Services (TCS)

Tata Consultancy Services is a global leader in IT services, consulting & business solutions including cyber security.

Kapalya

Kapalya

Kapalya empowers businesses and their employees to securely store sensitive files at-rest and in-transit across multiple platforms through a user-friendly desktop and mobile application.

HumanFirewall

HumanFirewall

HumanFirewall makes it possible for every individual to take part in securing their organisation. With HumanFirewall, achieving security has never been easier.

Tier1Asset (T1A)

Tier1Asset (T1A)

T1A is Europe’s leading IT refurbisher. We offer certified data erasure using blancco on site and at our facilities, providing environmentally sound disposal of your used equipment.

BTblock

BTblock

Blockchain and cybersecurity is a vital combination for Enterprise success. BTblock is a Force Multiplier for its clients.

eXate

eXate

eXate provides pioneering technology that empowers organisations to protect, control and manage their sensitive data centrally, providing a complete data privacy solution.

Sovrin Foundation

Sovrin Foundation

The Sovrin Foundation is a private-sector, international non-profit that was established to govern the world's first self-sovereign identity (SSI) network.

Pelta Cyber Security

Pelta Cyber Security

Pelta Cyber Security is the cyber security consulting and solutions division of Softworld Inc. We provide staffing and recruitment services as well as consulting and solutions for outsourced projects.

Cyber Lockout

Cyber Lockout

Comprehensive ransomware insurance and preventative cybersecurity technology solution, working together to help protect businesses 24/7/365.

Virtual Technologies Group (VTG)

Virtual Technologies Group (VTG)

Virtual Technologies Group is a single source, IT product and services provider for SMBs and IT departments, delivering reliable, cost-efficient service, maintenance and support solutions.

HADESS

HADESS

We are "Hadess", a group of cyber security experts and white hat hackers.

Boecore

Boecore

Boecore is an aerospace and defense engineering company that specializes in software solutions, systems engineering, cybersecurity, enterprise networks, and mission operations.

Revytech

Revytech

Revytech is a tech company providing services in a broad range of areas including IT operations, cyber security and network engineering.

AmiViz

AmiViz

AmiViz is the first B2B enterprise marketplace focussed on Cybersecurity business in the Middle East and Africa, designed specially to serve the interests of enterprise resellers and vendors.