US Defense Contractors Don't Meet Basic Cyber Security Standards

Uploaded on 2022-12-13 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

A year after the Pentagon announced its newest cyber security guidelines the industry is still trying to work out how it will comply with the new rules and operate in a new environment. Cybersecurity Maturity Model Certification (CMMC) 2.0 recently entered the Defense Department’s rulemaking process, the final step before it becomes an official requirement. 

Despite questions about industry’s cyber security capabilities and the challenging documentation process, defense companies could be required to comply with CMMC for new contracts as soon as May 2023. 

Defense contractors will be required to comply with the CMMC framework and must prove their compliance when bidding for DoD contracts. The problem is that, right now, research shows that 87% of US defense contractors do not meet basic cyber security legal requirements that are considered vital to US national security. 

The security firm CyberSheath conducted a survey of 300 Department of Defense contractors and found that an extremely low number of respondents have the recommended level of security practices in place. Only 13% of respondents had a Supplier Risk Performance System score of 70 or above, way below the score of 110 that is required for full compliance. According to CyberSheath, the defense contractors believed a score of 70 to be adequate.

This report found that 70% have not deployed security information and event management (SIEM), 79% lack a comprehensive multi-factor authentication system, 73% do not have an end-point detection response (EDR) solution and 80% lack a vulnerability management solution. 

With recent attacks targeting the defense and critical infrastructure industries, the survey’s results are disturbing. Furthermore, this could have massive consequences for defense contractors, nearly half of whom would lose up to 40% of their revenue if DoD contract loss occurs, according to the research.

In addition to being largely non-compliant, an astounding 82% of contractors find it “moderately to extremely difficult to understand the governmental regulations on cyber security.”

CyberSheath:     National Defense Magazine:      Oodaloop:       Infosecurity-Mgazine:   HelNetSecurity:    Reddit:  

You Might Also Read: 

Hackers Achieve Widespread Penetration Of Defense Contractors:



 

« The Need For OT-centric Cyber Security Strategies
Misconfigured Cloud Applications Are Putting Your Data At Risk »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NuHarbor Security

NuHarbor Security

NuHarbor is a leading information security consulting and advisory firm specializing in Information Security, Compliance, and Risk Management.

Seclab

Seclab

Seclab is an innovative player in the protection of industrial systems and critical infrastructure against sophisticated cyber attacks.

Cyber Security For Critical Manufacturing (ManuSec)

Cyber Security For Critical Manufacturing (ManuSec)

Cyber Security For Critical Manufacturing (Manusec) is a global series of summits focusing on Cyber Security for Critical Manufacturing Sectors.

Greenbone Networks

Greenbone Networks

Greenbone Networks delivers a vulnerability analysis solution for enterprise IT which includes reporting and security change management.

National Cyber Summit (NCS)

National Cyber Summit (NCS)

The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation's infrastructure from the ever-evolving cyber threat.

authUSB

authUSB

authUSB Safe Door is a tool that provides secure access to the content of USB devices that circulate in organizations.

AXA XL

AXA XL

AXA XL is the P&C and Specialty Risk Division of AXA. Professional insurance products include Cyber Insurance.

Sectigo

Sectigo

Sectigo is a leading cybersecurity provider of digital identity solutions, including TLS / SSL certificates, DevOps, IoT, and enterprise-grade PKI management, as well as multi-layered web security.

AFNOR Group

AFNOR Group

AFNOR Group designs and deploys solutions based on voluntary standards around the world and provides services including training, professional and technical information, assessment and certification.

CyberCX

CyberCX

CyberCX provides services from strategic consulting, security testing and training to world-class managed services and engineering solutions.

MazeBolt Technologies

MazeBolt Technologies

Israel-based MazeBolt is an innovation leader in cybersecurity, with over two decades of experience in pioneering DDoS protection solutions.

Iconium Software

Iconium Software

DataLenz by Iconium offers continuous and real-time tracking of your data assets delivering you the tools you need to successfully reach and maintain your target security standards.

PatchAdvisor

PatchAdvisor

PatchAdvisor core services include Vulnerability Assessments/Penetration Testing, Application Vulnerability Assessments, and Incident Response.

Circle Security

Circle Security

Circle’s breakthrough security API unifies solutions for identity and data security into one architecture and empowers organizations to secure their identity, data and privacy in their applications.

BreakPoint Labs

BreakPoint Labs

BreakPoint Labs is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations.

PowerDMARC

PowerDMARC

PowerDMARC is a domain security and email authentication SaaS platform that helps organizations protect their domain name, brand, and emails against unauthorized use.