The framework, which aims to certify a company’s compliance with federal cybersecurity regulations around controlled unclassified information (CUI), was announced by DOD officials in June. It will be used to evaluate and rate contractors’ ability to protect sensitive data on a 1-5 scale starting next year.
The initial version of the framework is scheduled to go public in January 2020. By June 2020, its requirements will start appearing in requests for information, and will become a regular feature of defense procurement by September 2020. That means defense contractors will have less than eight months to implement changes for compliance with the Defense Federal Acquisition Regulation Supplement and National Institute of Standards and Technology guidance on protecting CUI.
Continue reading at: FCW