<img src="https://ws.zoominfo.com/pixel/4CagHYMZMRWAjWFEK36G" width="1" height="1" style="display: none;">
Request Demo

Audit Management, DFARS, Vendor Risk Management, Corporate Compliance and Oversight, Cybersecurity Frameworks, Cyber Risk Management Frameworks

The Pentagon to Include Contractor Security Into Buying Decisions: How Contractors Can "Deliver Uncompromised"


A four-pronged effort at the Pentagon ignites a new program entitled “Deliver Uncompromised” targeted at various parts used in American military hardware and manufacturing — for instance, microelectronics.

On June 8, the Washington Post reported that the Chinese government hackers had compromised the computers of a Navy contractor, and had completed a mission to steal large amounts of sensitive data, some of which included secret plans to develop a supersonic anti-ship missile to be used on U.S. submarines in less than two years time.

The government hackers from China hacked a Navy contractor to gain intelligence - and were successful. Pentagon officials have reported that including better security measures into the military’s acquisitions process is imminent, and necessary. These new measures will better protect the defense industry from cyber-related threats both in the U.S. and abroad. 

The Deputy Under Secretary of Defense for Intelligence, Kari Bingen, noted that “It is no longer sufficient to only consider cost, schedule and performance when acquiring defense capabilities. We must establish security as a fourth pillar in defense acquisition and also create incentives for industry to embrace security, not as a cost burden, but as a major factor in their competitiveness for U.S. government business.”

Three Steps to DFARS Success_cover

On Thursday, Pentagon officials testified before the House Armed Services Committee. They talked to the issue that they saw as the foundation of the threats at hand, which was in a broader sense and according to the testimonials, China’s efforts to transfer U.S. military tech intelligence - including commercial investments, trade practices and intellectual property theft - in an effort to disarm and displace some of the U.S.'s military competitive edge.

The Under Secretary of Defense for Research and Engineering, Michael Griffin, noted that “the Chinese theft of technology and intellectual property, through the exfiltration of the work of others is not unlike the Chinese construction of islands to encroach upon the geographic domains of international waters and those of other sovereign nations, it circumvents the autonomy of nations in a departure from a rules-based global order. It is adversarial behavior and its perpetrator must be treated as such.” Clearly, these officials are done letting security measures prove inefficient when mature and robust threats arise.


A four-pronged effort at the Pentagon ignites a new program entitled “Deliver Uncompromised” targeted at various parts used in American military hardware and manufacturing — for instance, microelectronics.

“We must have confidence that industry is delivering capabilities, technologies and weapon systems that are uncompromised by our adversaries, secure from cradle to grave,” noted the Deputy Under Secretary of Defense for Intelligence.

Rep. Adam Smith, D-Wash. said that “we had a briefing yesterday on a cyber breach, and it was shocking how disorganized, unprepared and, quite frankly, utterly clueless the branch of the military was that [it] had been breached. Even in this day and age, we still have not figured out how to put together a cyber policy to protect our assets. In particular, with our defense contractors, who we work with, who store our data, but don’t have adequate protection. But even within the DoD, we don’t have a clear, cohesive policy to put in place.”

Bingen suggested a “checklist-based” security procedure could be used across the board, regardless of contractor size. The goal being that the program would be “risk-based (like the NIST Cybersecurity Framework) … informed by the threat and the department’s technology protection priorities”.

You likely know of the initiative - Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 which details adherence to NIST SP 800-171(see explanatory guide here) -  This cybersecurity compliance requirement for defense contractors was developed to better protect “controlled unclassified data" of the government, which “in aggregation can be as damaging as a breach of classified information” in the words of Bingen.

The regulation covers technical or personal information for any organization selling to the Department of Defense, and was being considered to be made into a Federal Acquisition Regulation, even long before this summer's events.

If you are contractor selling into the government space, it will be necessary for you to prove not only adequate security, but also prove your ability to Deliver Uncompromised. Looking for a good set of security standards to standardize on? Adopt DFARS NIST SP 800-171 ahead of time to set yourself up for success and business growth. CyberStrong automates the reporting, tracking, and proving required, and makes cybersecurity compliance and best practice adoption easy. Learn more by getting a free demo.


You may also like

Conducting Your First Risk ...
on January 30, 2023

As digital adoption across industries increases, companies are facing increasing cybersecurity risks. Regardless of their size, cyber-attacks are a persistent threat that must be ...

Your Guide to Cloud Security ...
on January 26, 2023

Cloud computing refers to the delivery of multiple services via the internet (also known as the “cloud”), including software, databases, servers, storage, intelligence, and ...

Compliance and Regulations for ...
on January 9, 2023

Compliance for many cybersecurity programs has been the cornerstone and the catalyst for why many programs exist in the first place. Since the rise of the information technology ...

Cyber Risk Quantification: Metrics ...
on January 6, 2023

Risk management is the new foundation for an information security program. Risk management, coupled with necessary compliance activities to support ongoing business operations, ...

Padraic O'Reilly
Cybersecurity Maturity Models You ...
on January 27, 2023

Cybercrime has forced businesses worldwide into paying billions of dollars yearly. As more of the population becomes dependent on technology, the fear of cyber attacks continues ...

Top 10 Risks in Cyber Security
on December 23, 2022

Increasing cyber security threats continue creating problems for companies and organizations, obliging them to defend their systems against cyber threats. According to research ...