A new CyberSheath study has found that defense contractors showed an average score of -15 in the Supplier Performance Risk System, which is used to determine whether vendors meet the 110 security controls as required by the Defense Federal Acquisition Regulation Supplement.
CyberSheath said Wednesday it commissioned Merrill Research to conduct the study and found that 81 percent of respondents reported compliance with the security controls through self-assessment.
The report revealed that only 36 percent of respondents submitted SPRS scores to the Department of Defense.
According to the study, 25 percent of surveyed contractors said they have secure information technology backup systems in place and 19 percent of respondents reported implementation of vulnerability management tools.
On a scale of one to 10, CyberSheath found that approximately 70 percent of respondents assigned a score of seven or higher when asked about the difficulty of understanding how to reach and maintain compliance with the Cybersecurity Maturity Model Certification program.
“The government has done the hard work of creating controls to better protect our most sensitive data, which is increasingly a valuable currency to foreign countries, but enforcement hasn’t kept pace,” said CyberSheath CEO Eric Noonan.
“This year’s survey shows we haven’t made much progress in protecting military secrets, and until the DIB is compelled to do so, our security posture will remain stagnant,” Noonan added.
