The Defense Department is still considering whether to allow companies to self-attest their compliance with level two of its Cybersecurity Maturity Model Certification program, according to DOD cyber chief David McKeown, who provided additional detail on the Pentagon's plans to address controlled unclassified information at a meeting on Thursday. The Pentagon initially planned to create a bifurcated process for CMMC level two where some companies would be able to self-attest their compliance and third-party assessments are only needed for some...
