DoD plans CMMC listening sessions as questions swirl around review
AI Generated Image

DoD plans CMMC listening sessions as questions swirl around review

Federal News Network business

Key Points:

  • The Pentagon has initiated a rapid review of the Cybersecurity Maturity Model Certification (CMMC) program, aiming to balance cybersecurity enforcement with reducing compliance burdens on small defense contractors.
  • The review, led by Defense Department CIO Kirsten Davies and others, has suspended third-party assessment requirements and seeks input from small businesses and cybersecurity stakeholders, with a report expected by late September.
  • Officials criticized the current third-party assessment approach as overly burdensome and are considering a range of changes, from minor tweaks to a complete overhaul, while maintaining self-assessment and existing cybersecurity standards.
  • Key challenges include the high cost of compliance for small businesses and a shortage of certified third-party assessors, though the Cyber Accreditation Body reports progress in building assessor capacity and delivering assessments.
  • The review revisits issues from previous administrations, with legal experts warning that reliance on self-assessments could increase False Claims Act risks for contractors misrepresenting their cybersecurity status.

Trending Business

Trending Technology

Trending Health