December 29, 2023 at 07:54AM
The US Department of Defense has proposed a rule for the Cybersecurity Maturity Model Certification (CMMC) program, seeking public feedback. The program aims to ensure defense contractors and subcontractors implement security measures to protect federal contract information and controlled unclassified information. The revision allows for self-assessment, emphasizes cooperation with industry, and reduces overall program costs.
Key takeaways from the meeting notes:
1. The US Department of Defense has published a proposed rule for the Cybersecurity Maturity Model Certification (CMMC) program and is seeking public feedback.
2. The CMMC program aims to verify that defense contractors and subcontractors have implemented necessary security measures to protect federal contract information (FCI) and controlled unclassified information (CUI).
3. The program is designed to ensure that the security measures detailed in the National Institute of Standards and Technology (NIST) Special Publication 800-171 Rev 2 are implemented and maintained by DoD partners.
4. The recently published rule revises aspects of the program based on public feedback and allows for self-assessment of certain requirements to simplify compliance.
5. The CMMC program requires cybersecurity assessments at three levels, with the highest level addressing advanced persistent threats.
6. The DoD estimates that overall program costs will be reduced by allowing self-assessments for certain levels and minimizing industry costs for assessments by involving Government assessors from the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC).
7. The Pentagon has opened the CMMC for public comment and is seeking feedback on CMMC guidance documents and new information collections.