Pentagon revises CMMC to clarify requirements for handling encrypted data

By Rick Weber / March 25, 2020 at 10:20 AM
The Defense Department has issued revisions to its Cybersecurity Maturity Model Certification program, less than two months after it was released as final, to clarify requirements for encrypted data among other "administrative" changes. "The first sentence of the CMMC Clarification was rewritten and now reads: Only use cryptography validated through the NIST Cryptographic Module Validation Program (CMVP) to protect the confidentiality of" controlled unclassified information, says the revised CMMC document, version 1.02 , issued on March 18. The changes to...

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.

Log in to access this content.