The Professional Services Council is supportive of the Pentagon's plans to allow self assessment for less sensitive information held by defense contractors under the Cybersecurity Maturity Model Certification program, while recognizing that contracting officers could still decide to choose a higher level of security than needed to ensure adequate protection of the information on nonfederal systems. The Defense Department confirmed its plan for CMMC 2.0 in a Dec. 26 proposed rule to remove the third-party certification requirement for level one...
