Major OEMs made a pledge this week to the US to invest in meeting the CSF requirements
From Charles Robbins
August 27, 2021
There are three major weaknesses in US cyber defenses, reported not by us but by every major external cybersecurity auditor in reports to the federal government since 2018. One, the major OEMs, corporations and government agencies use non-compliant third-party vendors for products and services. Two, legal and procurement have not yet joined the process to put CSF-compliant products and services language into their buying agreements. Three, cybersecurity training is lacking. The DoD CMMC program is the best unified approach to the problem to date.
This week, President Biden and his team are asking the major OEMs to get in line. Yes, it begins with cyber education, but any organization that will implement the Zero Trust Security Model (ZTSM) must restrict non-compliant personnel from access to the data. It is a two-year journey to full compliance. Adopt the NIST and ZTSM, and add policies, procedures, training, execution, and verification to pass cyclic internal and then external CSF inspections. It is great to have the major OEMs on board with the current US cybersecurity policy, but executives, legal and procurement that do not change will hinder our progress.
CSF-certified TechR2’s product and services meet the NIST and ZTSM requirements. The major OEMs made a pledge this week to the US to invest in meeting the CSF requirements.