Tuesday, December 5, 2023
The Pentagon will make changes to its Cybersecurity Maturity Model Certification program by working with the National Institute of Standards and Technology to revise Special Publication 800-171, according to Defense Department assessment leader John Ellis, who says DOD has plans to propose additional controls from the old CMMC model for inclusion in the next update to the key NIST publication.
The Defense Department has released long-awaited scoping guidance for its Cybersecurity Maturity Model Certification program that will help defense contractors determine what assets will be included under the assessment process, along with a new overview document describing key changes to the program.
The Defense Department is working on several pieces of documentation to support the revamp of its Cybersecurity Maturity Model Certification program, including scoping guides for the new levels one and two and an overview document describing the CMMC 2.0 model.
Cyber certification audits for certified third-party assessment organizations are currently on hold at the Pentagon while the Defense Department works through changes to its Cybersecurity Maturity Model Certification program, according to a DOD official.
The National Institute of Standards and Technology in 2022 will update its publication guiding agencies and industry on how to secure controlled unclassified information, a key component of the Pentagon's Cybersecurity Maturity Model Certification program, according to lead author Ron Ross.
The Defense Department is exploring how it can offer incentives to contractors who adopt standards from the Cybersecurity Maturity Model Certification program before the official rollout begins, according to Pentagon official Stacy Bostjanick.
The Pentagon has formally announced two new rulemakings that will make changes to its Cybersecurity Maturity Model Certification program, including the removal of third-party assessments for level one and starting a plan of action and milestones process.
The independent accreditation body behind the Pentagon’s cyber certification program is in the early stages of altering its training credential offerings to meet the needs of the Defense Department as DOD shifts toward self assessment for CMMC level one, according to CMMC-AB CEO Matthew Travis.
The evolution of the Defense Department's Cybersecurity Maturity Model Certification program reflects a response to concerns from the defense industrial base, according to attorneys, who said recent major changes show the Pentagon is taking into account pre-existing mechanisms for contractor compliance with cyber standards and is considering how the program can be implemented effectively.
Cyber leaders at the Defense Department provided an overview of key changes to their Cybersecurity Maturity Model Certification program, CMMC 2.0, at a "Town Hall" on Tuesday with details on upcoming rulemaking processes and how the effort will allow for more public engagement.
The Defense Department is making changes to the oversight of its independent accreditation body as part of an update to the Cybersecurity Maturity Model Certification program, dubbed "CMMC 2.0," triggering new negotiations of the current no-cost contract between the two entities.
An examination of the Pentagon’s cyber certification program is moving into a new phase with the internal review of the initiative complete, according to sources, who say recommendations are currently under consideration by DOD leadership.
The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program has approved the first content created by a third-party partner publisher that will be used to teach assessors as part of the CMMC official assessor training program.
A new industry advisory council for the Pentagon’s Cybersecurity Maturity Model Certification program is determining “rules of the road” for its work and “scope” of operations, according to council chair Yong-Gon Chon, who says early efforts have focused on evaluating “practice effectiveness” for controls in the CMMC model and examining small business issues.
The National Defense Industrial Association has released a white paper urging the Pentagon to provide more clarity on the requirements contractors must meet to reach compliance with DOD’s cyber certification program, and to make other changes to help companies meet the program’s objectives.
The Defense Department is not planning to release the final rule cementing the implementation of its Cybersecurity Maturity Model Certification program in September, due to an ongoing internal review expected to conclude toward the end of 2021.
Leaders from the House Small Business oversight subcommittee are working to get an amendment into the fiscal year 2022 defense authorization bill that would direct the Pentagon to assess the small business impacts of the Defense Department's Cybersecurity Maturity Model Certification program.
The Defense Department needs to become more transparent over its work on the Cybersecurity Maturity Model Certification program, according to an industry letter to Pentagon leaders raising concerns over a lack of communication and other issues.
The Defense Contract Management Agency's process to conduct assessments for the Pentagon's Cybersecurity Maturity Model Certification program is adapting to meet the needs of stakeholders, according to Defense Department official John Ellis who provided an overview to Inside Cybersecurity on lessons learned in recent months.
The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program has established new processes to speed the authorization of assessment organizations that want to become part of the CMMC ecosystem.