The US Department of Defense proposed a new rule for the Cybersecurity Maturity Model Certification (CMMC) program, seeking input from the public. This program aims to ensure that defense contractors have implemented necessary security measures to safeguard federal contract and controlled unclassified information. The CMMC builds upon existing requirements outlined in the NIST SP 800–171 Rev 2 and verifies the maintenance of these protections throughout contract periods. This proposed revision allows self-assessment for some requirements, simplifies compliance, prioritizes information protection, and enhances collaboration between the DoD and industry. The CMMC involves assessments at three levels, reducing overall program costs by allowing self-assessments for lower levels and minimizing industry costs for higher levels through Government assessors. The Pentagon has opened a 60-day public comment period and seeks feedback on various CMMC guidance documents and new information collections.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.