The Defense Department is actively working on plans to build cybersecurity requirements for the defense industrial base into defense contracts as part of its Cybersecurity Maturity Model Certification program, or CMMC. The first contracts with those requirements built in are expected sometime in 2025.
But for small businesses who might not have the resources to meet stringent cybersecurity requirements on their own, the Army is planning to launch a pilot program called the Next-Generation Commercial Operations in Defended Enclaves, or NCODE, said Undersecretary of the Army Gabe Camarillo, during a discussion Tuesday at the 2024 Association of the United States Army Annual Meeting and Exposition in Washington.
“This essentially provides a cyber-secure enclave in a secure environment for small businesses to participate in where they can collaborate, share information, [and] most importantly, do their own work that they need to that would otherwise present a threat vector for actors that we know are very active in the cybersecurity space,” Camarillo said. “What’s great about it is [that] it is compliant with CMMC, so all of the Department’s requirements would be met by operating in this environment.”
Camarillo said many of the small businesses the Army worked with last year were at least partially at risk to cybersecurity threat vectors.