DoD now requiring minimum cyber security controls from its contractors.

The Department of Defense is now requiring contractors to meet a standard level of cyber security protection. The “Capability Domains” seem to be a mix of the various standard controls that the IT Security profession has been promoting for years (i.e., CIS Top 20).

I can definitely see this as a requirement that gets adopted by other departments, such as the Department of Education, FTC, etc.

Thoughts?

I personally am supportive.  I have found that for every organization that does IT Security well, there are 10 more that “don’t have the resources”.  This might give IT the extra push to convince their leadership of the need to hire (or train) security professionals and implement basic security controls.

-Jonathan

https://www.bleepingcomputer.com/news/security/dod-to-require-cybersecurity-certification-from-defense-contractors/