"Pentagon Wants Feedback on Revised Cybersecurity Maturity Model Certification Program"
The US Department of Defense recently published a proposed rule and requested public feedback for the Cybersecurity Maturity Model Certification (CMMC) program. The CMMC program is meant to establish an assessment mechanism to verify that defense contractors and subcontractors have implemented the security measures required to protect federal contract information (FCI) and controlled unclassified information (CUI). The newly published rule is a revision of certain aspects of the program, in line with public feedback received after the initial CMMC program was published in September 2020. The Pentagon has opened CMMC for public comment for 60 days and is also requesting feedback on eight CMMC guidance documents and new information collections.