DOD cyber chief: Final plans for CMMC level two assessments will be explained through rulemaking

By Sara Friedman / February 18, 2022 at 4:46 PM
The Defense Department is still considering whether to allow companies to self-attest their compliance with level two of its Cybersecurity Maturity Model Certification program, according to DOD cyber chief David McKeown, who provided additional detail on the Pentagon's plans to address controlled unclassified information at a meeting on Thursday. The Pentagon initially planned to create a bifurcated process for CMMC level two where some companies would be able to self-attest their compliance and third-party assessments are only needed for some...

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.

Log in to access this content.