The long-awaited rollout of contract requirements for the Pentagon's Cybersecurity Maturity Model Certification program raises questions about the current capacity for getting a level two assessment and reducing the flow of controlled unclassified information, according to defense info-sharing leader Steve Shirley. A final rule to start the three-year implementation timeline for putting CMMC requirements into defense contracts went into effect on Nov. 10 . The first year focuses on CMMC level one but doesn’t prevent acquisition officials from asking a...
