DHS seeks contractor cyber hygiene compliance

On August 10, the Department of Homeland Security released a statement on the agency’s plans to require contractor compliance with cyber hygiene practices:

“Dear Industry Partners,

In 2015 the Department of Homeland Security (DHS) incorporated Cyber Hygiene clauses into its contracts and agreements to require contractor compliance with certain cyber standards and protections.  In light of recent events, DHS seeks to advance our process in assessing industry compliance with Cyber Hygiene clause requirements.  DHS has been closely monitoring the Department of Defense’s implementation of the Cybersecurity Maturity Model Certification (CMMC) program to identify lessons learned and best practices for consideration by DHS as we advance our process.  Our end goal is to have a means of ensuring a contractor has key cybersecurity and cyber hygiene practices in place as a condition for contract award. This process is a critical step in our progress towards protecting the Homeland.

As an immediate first step, DHS is conducting a pathfinder assessment to establish a path forward. Upon conclusion of the pathfinder effort, the Department will have further information and next steps to share. We look forward to continuing to collaborate with you on this matter. Thank you for all you do to support our missions and protect the Homeland.

Sincerely,

Eric Hysen

Chief Information Officer

Paul Courtney

Chief Procurement Officer (Acting)”

Source: SAM