On July 18, the Defense Secretary Pete Hegseth issued a memo titled “Enhancing Security Protocols for the Department of Defense.” The memo directs the DoD Chief Information Officer, working in coordination with the Under Secretaries for Acquisition and Sustainment, Intelligence and Security, and Research and Engineering, to take immediate action to ensure that all IT capabilities developed or procured for the Department are rigorously reviewed and validated for protection against supply chain threats posed by adversaries
The memo also calls on the Department to strengthen existing programs and processes within the Defense Industrial Base (DIB) to eliminate or mitigate foreign adversarial influence. Additionally, it instructs the Department to evaluate whether further actions are necessary to address these risks.
Efforts are already underway in collaboration with DIB partners, leveraging programs such as the Cybersecurity Maturity Model Certification (CMMC), the Software Fast Track Program, the Authority to Operate (ATO) process, the Federal Risk and Authorization Management Program (FedRAMP), and the Secure Software Development Framework (SSDF) to advance this mission.
The DoD CIO and associated stakeholders are now working to develop the implementation guidance outlined in the memo.