CMMC nears the starting line with the proposal of a key contracting rule; NASA has an issue with personnel taking unauthorized devices abroad

The Pentagon cleared a major milestone Thursday on the path to instituting its cybersecurity standards program for contractors known as the Cybersecurity Maturity Model Certification 2.0. The Department of Defense submitted a proposed rule that, once approved, would incorporate new cyber requirements into all contracts for vendors who want to do business with the U.S. military that involves sensitive but unclassified information. Under the CMMC 2.0 program, any contractor or subcontractor that does work with the DOD involving what’s referred to as controlled unclassified information or federal contract information must obtain — or in some cases self-attest to — one of three levels of CMMC compliance, depending on the sensitivity of the information involved in the work.

Over the past three years, NASA has investigated more than 200 reports of either space agency devices or systems being accessed outside the country without prior authorization, which would violate internal policy regarding where mobile technology units may be brought abroad. The reports of unauthorized foreign access investigations, obtained by FedScoop through a public records request, occur when a NASA device is detected overseas without a clear prior record of a planned trip.

The Daily Scoop Podcast is available every Monday-Friday afternoon.

If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on on Apple Podcasts, Soundcloud, Spotify and YouTube.