Cybersecurity, Privacy, & AI

Trending Now

Why Agencies Need Containment, Not Just More Cyber Tools • Pentagon Eyes 3-Year Cyber Training Requirement, Overriding New Army Policy • CISA Launches CI Fortify Initiative to Strengthen Critical Infrastructure Security • NIST SP 800-223 and 800-234: A Turning Point for Federal High-Performance Computing Security • Pentagon Leaders Love Agentic AI. But It’s Giving Cyber Criminals Nation-State-Like Powers

Published on February 14, 2022 • Cyber

All CUI-Handling DoD Contractors Will Need Assessments Under CMMC 2.0

G-Tech Studios | Shutterstock

When the Defense Department announced CMMC 2.0, it said that instead of requiring a third-party assessment for all contractors that handle Controlled Unclassified Information, only about half of them would need one, because the CUI handled by the other half wasn’t especially risky. However, DoD’s deputy CIO David McKeown now says that, based on further analysis, “pretty much everybody” handling CUI will need an independent assessment. The roughly 140,000 defense contractors handling only less sensitive “federal contract information” will still only need to submit a self-assessment.

Source:

Federal News Network: More Companies May Have to Get a CMMC Assessment After All

Stay compliant and protected with daily updates on cybersecurity, data privacy, and federal oversight with our Cyber & Privacy newsletter, delivering up-to-the-minute intelligence Monday–Saturday — Subscribe here.