A\u00fan no est\u00e1 claro qu\u00e9 se requerir\u00eda para la certificaci\u00f3n o cu\u00e1nto costar\u00eda para las empresas.<\/p>\n
![\"\"](\"https:\/\/cdn.nextgov.com\/media\/img\/upload\/2018\/12\/06\/120618cyberbadgeNG\/860x394.jpg\")
In cybersecurity, you\u2019re only as strong as your weakest link. For the Defense Department, the area with the fewest cyber protections are the defense contractors the department works with, particularly the small businesses that don\u2019t have the expertise or resources to build a robust security posture.<\/p>\n
The Pentagon put together a task force to assess whether small businesses within the defense industrial base are complying with the cybersecurity framework published by the National Institute of Standards and Technology and provide assistance to companies that need help.<\/p>\n
The department issued a new rule last year requiring vendors to show that they are in compliance with NIST standards or have a plan to get there quickly.\u00a0Those plans were due Jan. 1<\/a>.<\/p>\n \u201cWhere are we in actually implementing the NIST standard? Is it working? I would argue right now it\u2019s not. We basically say, \u2018Hey, tell us if you\u2019re compliant.\u2019 And we don\u2019t actually check,\u201d Kevin Fahey, assistant secretary of defense for acquisition, said during a keynote at the annual Charleston Defense Contractors Association Summit in South Carolina.<\/p>\n Within the next year, Fahey said he hopes to have a method to certify cybersecurity of Defense Department vendors. That process begins with ensuring companies are compliant with NIST standards.<\/p>\n \u201cThat will be the first step, which is a huge step,\u201d he said. \u201cThen, how do we change the NIST to maybe be even more encompassing to make sure we\u2019re doing things?\u201d<\/p>\n Fahey acknowledged that second step might be cause for concern among the defense industrial base, as it is not yet clear exactly what that would mean or, more importantly, how much it would cost. As a remedy, he cited upcoming pilots to allow small businesses to use the department\u2019s secure environments, putting the cost and security onus on the government rather than the contractor.<\/p>\n \u201cIs there a way that we certify industry to be cyber-compliant to protect our data?\u201d Fahey asked. \u201cWe need to figure it out and we need to figure it out fast.\u201d<\/p>\n