DOD issues memorandum detailing FedRAMP equivalency requirements for CMMC program

The Defense Department has issued a memorandum on equivalency for cloud service offerings between the General Services Administration’s Federal Risk and Authorization Management Program and the Pentagon's cyber certification program. The memorandum is intended to provide guidance and clarification on Defense Federal Acquisition Regulations Clause 252.204-7012, which established a requirement starting on Dec. 31, 2017 for defense contractors holding controlled unclassified information to be compliant with National Institute of Standards and Technology Special Publication 800-171. The Pentagon’s Cybersecurity Maturity Model...