The U.S. Department of Defense has released a revised version of its Framework and Digital Security Standards for Contractors aimed at “minimizing barriers.
The U.S. Department of Defense (DoD) has announced CMMC 2.0, a comprehensive framework for protecting the nation’s classified information and defending the defense industrial base from more frequent and complex cyber attacks.CMMC 2. .0, with its streamlined requirements, will enable
Reduce hassle for small and midsize businesses
Set priorities for DoD information protection
Increase collaboration between DoD and industry to address evolving cyber threats
The Cybersecurity Maturity Model Certification, dubbed “CMMC 2.0,” is the result of months of internal review by the Department of Defense after concerns were raised that it could lead to new red tape in an already bureaucracy-ridden Department of Defense.
CMMC 2.0 will dramatically enhance the cybersecurity of the defense industrial base.
By establishing partnerships with industry, we can help companies adopt the practices necessary to thwart cyber threats while minimizing barriers to compliance with DoD requirements.
The original framework used a 5-level system, but the new model has been reduced to 3 levels.
In addition, all defense contractors are no longer required to undergo third-party certification if they do not handle “controlled unclassified data”.
This “controlled unclassified data” is a general category of information, meaning for example a DoD system containing weapons.
Companies dealing with this “managed unclassified data” will not be able to enter into contracts unless they meet the highest level of the new model and obtain a third-party certification that proves they meet certain cybersecurity standards.
John Sherman, President Biden’s nominee to be the Pentagon’s chief information officer, said he wanted to update the CMMC to make it easier for companies to comply with the Pentagon’s cyber standards.
Comments