Pentagon officials warn contractors on their duty to comply with NIST standard ahead of CMMC

By Sara Friedman / October 27, 2022 at 10:24 AM
Defense contractors should not wait until the launch of the Cybersecurity Maturity Model Certification program to reach compliance with the Pentagon's cyber standard for handling of controlled unclassified information, according to Defense Department officials. The Pentagon has required companies since 2017 to comply with NIST Special Publication 800-171 through DFARS 252.204-7012, CMMC Director Stacy Bostjanick said Wednesday at an industry event. The CMMC program is a validation of compliance through a third-party assessment, Bostjanick said, while emphasizing that there are...

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.

Log in to access this content.