The Defense Department is delaying defining the "scope" of its Cybersecurity Maturity Model Certification assessments for maturity levels one and three in the first editions of its assessment guides, which assessors say will impact the ability to conduct a comprehensive audit. "It won't impact our ability to conduct assessments per se, but it impacts our ability to conduct the assessment with the full knowledge that we are assessing the proper in-scope systems," Leslie Weinstein, CMMC lead at auditing firm OCD...