The Department of Homeland Security (DHS) is launching a “pathfinder assessment” to look into a cybersecurity compliance program for its supply chain base – similar to the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program that has been in the works for more than two years.
Currently, DHS assesses industry compliance by including cyber hygiene clauses that outline specific cyber standards into its contracts and agreements. In a notice posted to SAM.gov, DHS CIO Eric Hysen said his agency is looking to go beyond its current method of evaluating contractors’ cybersecurity compliance “in light of recent events.”
“DHS has been closely monitoring the Department of Defense’s implementation of the Cybersecurity Maturity Model Certification (CMMC) program to identify lessons learned and best practices for consideration by DHS as we advance our process,” Hysen said in the Aug. 10 notice.
“Our end goal is to have a means of ensuring a contractor has key cybersecurity and cyber hygiene practices in place as a condition for contract award,” he added. “This process is a critical step in our progress towards protecting the Homeland.”
Hysen said the agency is conducting a “pathfinder assessment” to establish a stronger cyber path forward. Although Hysen did not indicate all that the pathfinder effort will look at, he said DHS will provide more information and next steps once its assessment is complete.
