
Audit Management, DFARS, Vendor Risk Management, Corporate Compliance and Oversight, Cybersecurity Frameworks, Cyber Risk Management Frameworks

The Pentagon to Include Contractor Security Into Buying Decisions: How Contractors Can "Deliver Uncompromised"


A four-pronged effort at the Pentagon ignites a new program entitled “Deliver Uncompromised” targeted at various parts used in American military hardware and manufacturing — for instance, microelectronics.

On June 8, the Washington Post reported that Chinese government hackers had compromised the computers of a Navy contractor and had completed a mission to steal large amounts of sensitive data, some of which included secret plans to develop a supersonic anti-ship missile to be used on U.S. submarines in less than two years' time.

The hackers targeted a Navy contractor to gain intelligence, and they were successful. Pentagon officials have reported that building better security measures into the military's acquisition process is both imminent and necessary. These new measures will better protect the defense industry from cyber-related threats both in the U.S. and abroad.

The Deputy Under Secretary of Defense for Intelligence, Kari Bingen, noted that “It is no longer sufficient to only consider cost, schedule and performance when acquiring defense capabilities. We must establish security as a fourth pillar in defense acquisition and also create incentives for industry to embrace security, not as a cost burden, but as a major factor in their competitiveness for U.S. government business.”


On Thursday, Pentagon officials testified before the House Armed Services Committee. They spoke to the issue they saw as the foundation of the threats at hand, which, in a broader sense and according to the testimony, is China's efforts to transfer U.S. military tech intelligence (including through commercial investments, trade practices and intellectual property theft) in an effort to disarm and displace some of the U.S.'s military competitive edge.

The Under Secretary of Defense for Research and Engineering, Michael Griffin, noted that “the Chinese theft of technology and intellectual property, through the exfiltration of the work of others is not unlike the Chinese construction of islands to encroach upon the geographic domains of international waters and those of other sovereign nations, it circumvents the autonomy of nations in a departure from a rules-based global order. It is adversarial behavior and its perpetrator must be treated as such.” Clearly, these officials are done letting security measures prove inefficient when mature and robust threats arise.



“We must have confidence that industry is delivering capabilities, technologies and weapon systems that are uncompromised by our adversaries, secure from cradle to grave,” noted the Deputy Under Secretary of Defense for Intelligence.

Rep. Adam Smith, D-Wash., said that “we had a briefing yesterday on a cyber breach, and it was shocking how disorganized, unprepared and, quite frankly, utterly clueless the branch of the military was that [it] had been breached. Even in this day and age, we still have not figured out how to put together a cyber policy to protect our assets. In particular, with our defense contractors, who we work with, who store our data, but don’t have adequate protection. But even within the DoD, we don’t have a clear, cohesive policy to put in place.”

Bingen suggested a “checklist-based” security procedure could be used across the board, regardless of contractor size. The goal is for the program to be “risk-based (like the NIST Cybersecurity Framework) … informed by the threat and the department’s technology protection priorities”.

You likely know of the initiative: Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, which details adherence to NIST SP 800-171 (see explanatory guide here). This cybersecurity compliance requirement for defense contractors was developed to better protect “controlled unclassified data” of the government, which “in aggregation can be as damaging as a breach of classified information,” in the words of Bingen.

The regulation covers technical or personal information for any organization selling to the Department of Defense, and it was under consideration to become a Federal Acquisition Regulation long before this summer's events.

If you are a contractor selling into the government space, it will be necessary for you to prove not only adequate security, but also your ability to Deliver Uncompromised. Looking for a good set of security standards to standardize on? Adopt DFARS NIST SP 800-171 ahead of time to set yourself up for success and business growth. CyberStrong automates the reporting, tracking, and proving required, and makes cybersecurity compliance and best practice adoption easy. Learn more by getting a free demo.

