Topic: NDIA POLICY POINTS: The Costs and Scope of CMMC 2.0

rangerrebew
« on: January 28, 2024, 10:34:07 am »
CYBER

NDIA POLICY POINTS: The Costs and Scope of CMMC 2.0
1/26/2024
By Rachel A. McCaffrey and Michael Seeds

While yet to be fully implemented, the Defense Department first proposed the Cybersecurity Maturity Model Certification program in 2019, and the concept seems simple.

CMMC will ensure defense contractors comply with their contractual obligations to protect controlled unclassified information, or CUI, by requiring companies to hire third-party assessors to certify compliance, moving away from the “self-attestation” model.

However, nothing is ever as simple as it seems, and since the CMMC framework was first announced in 2019, “uncertainty” is a word that has been closely associated with the program.

The Defense Department released a proposed rule to implement the second iteration of CMMC, dubbed CMMC 2.0, on Dec. 26. The rule makes several changes, including reducing the number of compliance levels from five to three, aligning Level 2 compliance with National Institute of Standards and Technology Special Publication 800-171, and aligning Level 3 compliance with NIST SP 800-171 and 800-172.

https://www.nationaldefensemagazine.org/articles/2024/1/26/ndia-policy-points-the-costs-and-scope-of-cmmc-20
The unity of government which constitutes you one people is also now dear to you. It is justly so, for it is a main pillar in the edifice of your real independence, the support of your tranquility at home, your peace abroad; of your safety; of your prosperity; of that very liberty which you so highly prize. But as it is easy to foresee that, from different causes and from different quarters, much pains will be taken, many artifices employed to weaken in your minds the conviction of this truth.  George Washington - Farewell Address

rangerrebew
Re: NDIA POLICY POINTS: The Costs and Scope of CMMC 2.0
« Reply #1 on: January 28, 2024, 10:38:52 am »
The ability to keep information classified depends on the number of people who DON'T have it.  In other words, the only way to keep information secret is if only one person knows.  With each addition the odds diminish.  And the military is going to require third party auditors? :shrug: