Pentagon seeks input for upgraded cybersecurity certification program.

December 30, 2023
1 min read

The US Department of Defense is seeking public input on a proposed revision to its Cybersecurity Maturity Model Certification (CMMC) program. The CMMC program ensures that defense contractors have implemented necessary security measures to protect federal contract and controlled unclassified information. The proposed revision allows for self-assessment for some requirements, simplifies compliance, prioritizes information protection, and enhances collaboration between the DoD and industry. The program involves assessments at three levels, with self-assessments permitted for lower levels and Government assessors reducing costs for higher levels. The public comment period is open for 60 days and the Pentagon is seeking feedback on various CMMC guidance documents and new information collections.

URL: https://www.securityweek.com/pentagon-wants-feedback-on-revised-cybersecurity-maturity-model-certification-program/

Key Points:

  • The US Department of Defense is seeking public input on a proposed revision to its Cybersecurity Maturity Model Certification (CMMC) program.
  • The CMMC program ensures that defense contractors have implemented necessary security measures to protect federal contract and controlled unclassified information.
  • The proposed revision allows for self-assessment for some requirements, simplifies compliance, prioritizes information protection, and enhances collaboration between the DoD and industry.
  • The program involves assessments at three levels, with self-assessments permitted for lower levels and Government assessors reducing costs for higher levels.
  • The public comment period is open for 60 days and the Pentagon is seeking feedback on various CMMC guidance documents and new information collections.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and