Department of Defense (DoD) Acting Chief Information Officer (CIO) Leslie Beavers said this week that she is working to reduce the barriers of entry for businesses looking to partner with the DoD by simplifying processes and revising criteria.
During the Billington CyberSecurity Summit on Sept. 4, Beavers explained that those efforts are intended to “reduce costs, enhance security, and streamline processes making it easier and more affordable for industry partners to collaborate with the government.”
“We were really working hard to make it easier to do business with the department and to lower the cost of doing business with the department,” Beavers said. “If you end up with an impasse, there is a way to get that impasse broken, instead of a couple of folks saying, ‘Yeah, that’s not working for me, and we’re done.’”
Specifically, Beavers has her sights set on defining criteria around trust and authorities to operate (ATO).
She also explained that reshaping DoD standards around the long-awaited Cybersecurity Maturity Model Certification (CMMC) 2.0 will help industry work with government while maintaining security.
The Office of Information and Regulatory Affairs (OIRA) is currently reviewing the DoD’s final CMMC rule – which details the specifics of CMMC at the program level – which was submitted in December 2023. This final rule has been under OIRA’s review since late June.
Notably, on Aug. 15 the DoD published a proposed rule to integrate CMMC requirements into the contracting process. The proposed rule states that DoD will require organizations to submit their self-assessment or certification at the time of contract award.