Sec. 1640. DOD Cyber Hygiene and Cybersecurity Maturity Model Certification Framework
Not later than 180 days after the date of the enactment of this Act, the Secretary of Defense shall submit to the congressional defense committees and the Comptroller General of the United States a report on the cyber hygiene practices of the Department of Defense and the extent to which such practices are effective at protecting Department missions, information, system and networks. The report shall include the following:

An assessment of each Department component’s compliance with the requirements and levels identified in the Cyber Maturity Model Certification framework.

For each Department component that does not achieve the requirements for good cyber hygiene as defined in CMMC Model Version 1.02, a plan for how that component will implement security measures to bring it into compliance with good cyber hygiene requirements within 1 year, and a strategy for mitigating potential vulnerabilities and consequences until such requirements are implemented.

Not later than 180 days after the submission of the report required under subsection (a), the Comptroller General of the United States shall conduct an independent review of the report and provide a briefing to the congressional defense committees on the findings of the review.