DHS Official Considers CMMC as a Leading Federal Effort

Bob Kolasky, assistant director of the Cybersecurity and Infrastructure Security Agency’s National Risk Management Center, believes that the Cybersecurity Maturity Model Certification is one of the best efforts launched by the U.S. government, considering its potential to transform the defense industrial base supply chain.  

Although the CMMC still has a long way to go, Kolasky said it now serves as a template for future cybersecurity initiatives across the DHS, as it has stimulated a desire within the agency to launch efforts that could tie into the cybersecurity program.  

Speaking at a Sepio Systems-hosted webinar, Kolasky argued that the CMMC’s success hinges on whether it is able to ensure standards compliance across the defense industrial base while keeping costs at a minimum, MeriTalk reported Thursday.  

The CMMC is slated to be integrated into contracts within the year, with third-party assessors scheduled to undergo training in the summer. The program serves as the Department of Defense’s way to ensure that its pool of 300K defense contractors complies with necessary cybersecurity requirements. In May, FedScoop confirmed that defense contractors exclusively supplying commercial-off-the-shelf products no longer have to comply with the CMMC.

Within the DHS, Kolasky places importance on best security practices across the supply chain as the leader of the Information and Communications Technology Supply Chain Risk Management Task Force.

“If the big IT and comms companies and their suppliers are out there doing great practices the country is going to be a heck of a lot more secure,” Kolasky said.

Kolasky’s co-leader, John Miller, said country of origin is just one of the 188 different supplier-related concerns identified by the task force. Miller urged companies to turn their attention to other security factors in addition to country of origin.
