The Pentagon is making changes to its rollout schedule for the Cybersecurity Maturity Model Certification program, due to issues with getting assessment organizations that will conduct audits for contractors fully credentialed by the Defense Department, according to a DOD official overseeing the pilots. All certified third-party assessment organizations need to obtain a CMMC level three certification in order to start conducting assessments for contractors. Those assessments are conducted by the Defense Contract Management Agency's Defense Industrial Base Cybersecurity Assessment Center,...
