The use of waivers for the Pentagon’s Cybersecurity Maturity Model Certification program will be determined based on the needs of acquisition officials for specific contracts, not the qualifications of a company bidding for contract selection, according to CMMC director Stacy Bostjanick. The Defense Department is in the rulemaking process to implement significant changes to the CMMC program and will allow waivers for the first time under CMMC 2.0. Bostjanick provided an update on what’s next at a cyber event last...