Details on the assessment process, ecosystem roles, scoping requirements and more can be found in the Defense Department proposed rule published this week for the Cybersecurity Maturity Model Certification program. The 234-page proposed rule provides an inside look into the assessment ecosystem with specific details on the requirements for defense contractors, assessment organizations, DOD and on the CMMC model itself. The Pentagon undertook a two-year process to complete the proposed rule following an internal review of the program. The rulemaking...
