"CMMC Under Internal Review at DoD for 'Potential Improvements'"

The Pentagon is conducting an internal review of the Cybersecurity Maturity Model Certification (CMMC) program to explore potential improvements for the program's implementation. The goal of the Department of Defense's (DoD) CMMC program is to ensure that Defense Industrial Base (DIB) companies implement appropriate cybersecurity practices and processes to protect Controlled Unclassified Information (CUI) and Federal Contract Information (FCI). The requirements of the CMMC program are still in the process of being rolled out to DoD contracts. According to Katie Arrington, the Pentagon's CISO for acquisition and sustainment, all DoD contracts will contain CMMC requirements by Fiscal Year (FY) 2026. This article continues to discuss the purpose, ongoing internal assessment, and status of the CMMC program.

MeriTalk reports "CMMC Under Internal Review at DoD for 'Potential Improvements'"