Northwest Aerospace News April | May Issue No.14 | Page 63

PACIFIC NORTHWEST DEFENSE COALITION SPOTLIGHT
G
iven that 80 percent of the DoD CUI is stored on the 300,000
defense supplier internal networks and systems, defense contractors,
including many in the aerospace industry, now face significant in-
creases in U.S. Federal regulatory requirements. These requirements
include securing data controlled by the International Traffic in Arms
Regulation (ITAR), the Export Administration Regulation (EAR) and
compliance with contracting requirements in the Defense Federal
Acquisition Regulation Supplement (DFARS). To top it off, contrac-
tors will soon be required to adhere to the upcoming DoD Cyberse-
curity Maturity Model Certification (CMMC) in early 2020.
These increased regulations have elevated the risk of non-compli-
ance penalties, including the loss of current and future business,
personal and corporate liability, and negative corporate brand impact.
By September 2020, the DoD is expected to fully implement CMMC
for all defense supply chain contractors. This sweeping plan requires
companies to demonstrate cybersecurity maturity with independent
audits and certification as a “pre-qualification” requirement proir to
contract award. These increased laws and regulations include:
• Restriction and control of export for defense and
military-related technologies and information
• Securing DoD and non-DoD supplier information
systems and networks
• Codifying cybersecurity responsibilities and
procedures
• Enforcing supply chain accountability
• Verifying cybersecurity practices and processes
with a third party audit and certification
“Every DoD contract that goes out for proposal will have a CMMC
pre-qualification requirement and every vendor on that contract must
have a CMMC certification!”
- Katie Arrington, CISO, (OUSD) (A&S)
APRIL | MAY 2020 ISSUE NO. 14
63