DHS Explores CMMC Applications for Own Supply Chain

The Department of Homeland Security is exploring ways to use the Department of Defense's Cybersecurity Maturity Model Certification standards in its own supply chain, according to a top official. 

Thresa Lang, DHS' acting chief information security officer and a past Potomac Officers Club event speaker, said the department is conducting pilots that include standards from the CMMC, a DoD program intended to ensure contractors' compliance to certain cybersecurity requirements. 

“DHS is interested in these kinds of innovations because it’s important for us to be promoting our economy and our security," Lang said during an event held by the Association for Federal Information Resources Management.

Lang added that CMMC-based standards could provide supply chain guidance and governance for all DHS law enforcement, intelligence, national security and humanitarian response agencies. 

The General Services Administration, another civilian agency, has also begun implementing CMMC standards. 

In July, GSA included CMMC cybersecurity requirements in the $50B Streamlined Technology Application Resource for Services III government-wide acquisition contract ahead of CMMC's launch.

Internally, DHS' Cybersecurity and Infrastructure Security Agency already has measures for safeguarding information systems, aggregating threat intelligence and mitigating supply chain vulnerabilities. On the other hand, the CMMC standards are tailored to government contractors.

Lang said much of the work with vendors comes down to “just getting the right information and making sure everyone understands it.” 

“We’re starting to work with vendors to make sure that they understand what they can do for their supply chains, that they understand the controls that are required, and that they are using components and equipment that they’re very comfortable with," she said.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Speaker News

Join Us Now