Attorneys: New CMMC approach shows response to contractor concerns

摘要

The evolution of the Defense Department's Cybersecurity Maturity Model Certification program reflects a response to concerns from the defense industrial base, according to attorneys, who said recent major changes show the Pentagon is taking into account pre-existing mechanisms for contractor compliance with cyber standards and is considering how the program can be implemented effectively. CMMC 2.0 consolidates DOD's cyber certification effort into three levels and relies heavily on NIST publications 800-171 and 800-172. The extra 20 controls in level two (formerly level three) are removed from the new model along with maturity processes.