Attorneys: New CMMC approach shows evolution to strengthen defense contractor cyber posture, recognizing potential barriers

By Sara Friedman / November 11, 2021 at 10:41 AM
The evolution of the Defense Department's Cybersecurity Maturity Model Certification program reflects a response to concerns from the defense industrial base, according to attorneys, who said recent major changes show the Pentagon is taking into account pre-existing mechanisms for contractor compliance with cyber standards and is considering how the program can be implemented effectively. CMMC 2.0 consolidates DOD’s cyber certification effort into three levels and relies heavily on NIST publications 800-171 and 800-172. The extra 20 controls in level two...

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.

Log in to access this content.