Critical Infrastructure Security

Contractor readiness for DoD’s cybersecurity program lagging

An aerial view of the Pentagon, Washington, D.C., May 15, 2023. (DoD photo by U.S. Air Force Staff Sgt. John Wright)

Cybersecurity Dive reports that only 1% of U.S. defense contractors expressed total readiness for Cybersecurity Maturity Model Certification evaluations once the program is implemented next month.

Findings from a CyberSheath survey showed that preparedness remains uneven, with fewer than half of respondents having implemented required security controls or completed necessary documentation, such as system security plans and plans of action and milestones.

Adoption of key security measures remains limited. Only 22% have patch-management systems, 25% have endpoint detection and response tools, 27% use multifactor authentication, and just 29% of contractors have reliable backup systems. Supplier Performance Risk System scores, which are required for full compliance, remain a concern, as none of the surveyed contractors reached the required score of 110, and 17% still reported negative scores.

The survey also highlighted the potential consequences of delay. CyberSheath noted that as CMMC moves from policy to procurement, "the cost of delay is no longer measured only in lost contracts but in the exposure of sensitive national security information."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds