The Government Accountability Office assessed the Department of Defense’s approximately 2,900 controlled unclassified information systems and found that as of January, DOD has reported the implementation of over 70 percent of four selected cybersecurity requirements for CUI platforms.
These requirements are categorizing DOD CUI systems accurately; implementing the 110 security requirements of the Cybersecurity Maturity Model Certification program; implementing 266 security controls for moderate confidentiality impact systems; and authorizing systems to operate on DOD networks, according to a GAO report published Thursday.
In October 2021, the office of the chief information officer at DOD released a memorandum outlining the requirements that must be met by CUI systems, including the implementation of additional controls for supply chain security and that all CUI platforms have authorizations to operate.
“In addition, the CIO reminded system owners of the March 2022 deadline for all DOD CUI systems to implement necessary controls and other requirements. The Office of the CIO has been monitoring DOD components’ progress in meeting this deadline,” the report reads.