January 31, 2020 (UPI) – The U.S. Department of Defense announced on Friday that at least some contractors bidding on defense contracts must confirm by the end of September that their proposals meet “at least a minimum level of cyber security standards”.

A Pentagon press release on Friday announced that the Department of Defense has released its new Cybersecurity Maturity Model Certification. This year, the requirements will gradually be added to requests for information and requests for quotations.

By 2026, all new contracts will include CMMC requirements, Ellen M. Lord announced at a Pentagon press conference.

“Opponents know that information and technology are cornerstones in today’s major power competition,” said Lord. “Attacking a subordinate supplier is far more attractive than attacking a prime (supplier).”

The new CMMC includes five levels of certification for cybersecurity practices and processes, starting with what Katie Arrington, the Department of Defense’s Information Security Officer, described as “basic cyber hygiene skills we should be doing every day”: antivirus software, updated passwords.

The department will not certify potential defense companies for CMMC on its own, Lord said; instead, “third party assessment organizations” paid by contractors, not the DoD, will conduct these assessments.

Subcontractors don’t necessarily have to have the same CMMC certification to get an order, Arrington said.

In 2018, the Justice Department filed charges against two hackers linked to the Chinese government for allegedly trying to steal confidential information from U.S. companies that manufacture jet engines. In 2009, the Wall Street Journal reported that hackers had stolen information about the Joint Strike Fighter Project.