The US Department of Defense is seeking public input on a proposed revision to its Cybersecurity Maturity Model Certification (CMMC) program. The CMMC program ensures that defense contractors have implemented necessary security measures to protect federal contract and controlled unclassified information. The proposed revision allows for self-assessment for some requirements, simplifies compliance, prioritizes information protection, and enhances collaboration between the DoD and industry. The program involves assessments at three levels, with self-assessments permitted for lower levels and Government assessors reducing costs for higher levels. The public comment period is open for 60 days and the Pentagon is seeking feedback on various CMMC guidance documents and new information collections.
Key Points:
- The US Department of Defense is seeking public input on a proposed revision to its Cybersecurity Maturity Model Certification (CMMC) program.
- The CMMC program ensures that defense contractors have implemented necessary security measures to protect federal contract and controlled unclassified information.
- The proposed revision allows for self-assessment for some requirements, simplifies compliance, prioritizes information protection, and enhances collaboration between the DoD and industry.
- The program involves assessments at three levels, with self-assessments permitted for lower levels and Government assessors reducing costs for higher levels.
- The public comment period is open for 60 days and the Pentagon is seeking feedback on various CMMC guidance documents and new information collections.