DOD contracting official: Policy for fixing CMMC compliance blind spots to include threshold requirements

By Sara Friedman / January 20, 2022 at 11:44 AM
The Defense Department's policy for contractors to provide details on how they will address gaps in their Cybersecurity Maturity Model Certification assessments will include a threshold on requirements that "need to be" taken "seriously," according to DOD's John Ellis, who leads the office responsible for conducting CMMC assessor audits. Allowing contractors to submit a plan of action and milestones explaining how they will achieve specific unmet requirements on CMMC controls is a new feature as part of a revamp to...

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.

Log in to access this content.