CMMC assessment guides postpone outlining 'scope' of certification for Pentagon contractors

By Sara Friedman / December 8, 2020 at 10:27 AM
The Defense Department is delaying defining the "scope" of its Cybersecurity Maturity Model Certification assessments for maturity levels one and three in the first editions of its assessment guides, which assessors say will impact the ability to conduct a comprehensive audit. "It won't impact our ability to conduct assessments per se, but it impacts our ability to conduct the assessment with the full knowledge that we are assessing the proper in-scope systems," Leslie Weinstein, CMMC lead at auditing firm OCD...

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.

Log in to access this content.