Government contractors deal with some of the most complex frameworks in the tech industry. Organizations need to be consistently on the lookout for changes, new trends, and updates in order to do their best work and keep government customers happy. With the beginning of a new year, government contractors have a few changes to look out for in 2023.
From new Cybersecurity Maturity Model Certification (CMMC) updates to an increase in zero-trust adoption, here are our top expectations for government contractors in 2023.
The Department of Defense anticipates a fully ramped-up CMMC program by summer 2023. This means that government contractors should be prepared to operate and implement all controls required under NIST SP 800-171. It’s anticipated that this year we may see an updated CMMC Assessment Process (CAP). Contractors should confirm that IT policies, standards, and procedures are up to date and that all assets are known and categorized appropriately.
Emphasis on NIST SP 800-171
Speaking of NIST SP 800-171, contractors can expect more spot checks on their ability to meet compliance standards. Being found out of compliance is a breach of contract. Companies are encouraged to work with a third party to ensure they meet all requirements.
Federal Risk and Authorization Management Program (FedRAMP)
The role of cloud computing is only growing larger, resulting in a serious focus on FedRAMP. A few instances in 2022 of organizations not meeting the full requirements, or withholding required FedRAMP information, led to a commitment to stronger oversight by the FedRAMP Program Management Office.
Asset Visibility and Vulnerability Detection
For those that work with organizations in the Federal Civilian Executive Branch, a new directive is set to go into effect that requires regular asset discovery and vulnerability enumeration. This means that organizations must have an inventory of all IP-addressable assets on their network, refreshed every seven (7) days. Vulnerability enumeration should also take place every 14 days and should include identifying vulnerable assets found during that discovery process.
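As an added example (not code from this post or from Booker DiMaio), the script below audits an asset inventory export against the two cadences just described: every asset must have been discovered within the last 7 days and vulnerability-scanned within the last 14. The CSV column names, the timestamp format, and the sample rows are all constructed assumptions for the demonstration; a real inventory tool will export something different, but the freshness logic carries over.

```python
import csv
import io
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Cadences named in the directive: inventory refresh every 7 days,
# vulnerability enumeration every 14 days.
DISCOVERY_MAX_AGE = timedelta(days=7)
VULN_SCAN_MAX_AGE = timedelta(days=14)

# Constructed sample export (hypothetical column names); not real data.
# The last row has never been vulnerability-scanned (empty field).
SAMPLE_INVENTORY_CSV = """ip,last_discovered,last_vuln_scan
10.0.1.10,2023-01-10T08:00:00Z,2023-01-05T02:00:00Z
10.0.1.11,2023-01-01T08:00:00Z,2023-01-05T02:00:00Z
10.0.1.12,2023-01-10T08:00:00Z,2022-12-20T02:00:00Z
10.0.1.13,2023-01-10T08:00:00Z,
"""

# Fixed "now" so the sample is reproducible; use datetime.now(timezone.utc) in practice.
REFERENCE_NOW = datetime(2023, 1, 12, tzinfo=timezone.utc)


@dataclass
class AssetRecord:
    ip: str
    last_discovered: datetime
    last_vuln_scan: Optional[datetime]  # None means never enumerated


def parse_timestamp(value: str) -> Optional[datetime]:
    """Parse an ISO-8601 UTC timestamp; an empty field means no record."""
    value = value.strip()
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def load_inventory(csv_text: str) -> List[AssetRecord]:
    """Read the export; a row with no discovery timestamp is a data error."""
    records: List[AssetRecord] = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        discovered = parse_timestamp(row["last_discovered"])
        if discovered is None:
            raise ValueError(f"{row['ip']}: missing discovery timestamp")
        records.append(
            AssetRecord(row["ip"], discovered, parse_timestamp(row["last_vuln_scan"]))
        )
    return records


def cadence_findings(records: List[AssetRecord], now: datetime) -> Dict[str, List[str]]:
    """Return {ip: [reasons]} for every asset that is out of cadence."""
    findings: Dict[str, List[str]] = {}
    for rec in records:
        reasons = []
        if now - rec.last_discovered > DISCOVERY_MAX_AGE:
            reasons.append("discovery older than 7 days")
        if rec.last_vuln_scan is None:
            reasons.append("never vulnerability-scanned")
        elif now - rec.last_vuln_scan > VULN_SCAN_MAX_AGE:
            reasons.append("vulnerability scan older than 14 days")
        if reasons:
            findings[rec.ip] = reasons
    return findings


def run_sample() -> Dict[str, List[str]]:
    """Audit the constructed sample export at the fixed reference time."""
    return cadence_findings(load_inventory(SAMPLE_INVENTORY_CSV), REFERENCE_NOW)


if __name__ == "__main__":
    for ip, reasons in sorted(run_sample().items()):
        print(f"{ip}: {'; '.join(reasons)}")
```

Assets that never appear in the vulnerability scan at all are reported separately from merely stale ones, since a host that discovery found but the scanner never touched is exactly the gap the enumeration requirement is meant to close.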
In 2023, we will likely see wider adoption of zero trust across government organizations. This means that government organizations are moving away from securing the network perimeter and focusing security on users, assets, and resources. We will see greater adoption of single sign-on with multi-factor authentication, encrypted HTTP traffic, and a focus on data security. In the zero-trust world, NIST’s framework is the gold standard, and government contractors need to embrace it fully.
This is just a short list of changes we will be seeing in 2023 and beyond, but keep in mind there is always room for technology to surprise us with more. Even so, this short list may seem overwhelming. Government contractors can stay ahead of the curve by working with third-party organizations like Booker DiMaio to prepare for new compliance standards and technologies.
Using the right tools for control mapping, remediation, and documentation will be incredibly helpful as the landscape continues to grow and develop.