Matthew Travis, CEO of the Cybersecurity Maturity Model Certification Accreditation Body, has expressed the board’s support for the “CMMC 2.0” changes to the DoD’s emerging cybersecurity regime. The changes include replacing the original five-level system to three levels, and letting contractors at the entry level self-attest to their security practices, rather than requiring a third-party evaluation. They also allow “plans of action and milestones” to meet standards in some cases, rather than requiring those standards to be fully implemented.
“The Department of Defense (DOD) approached this from the appropriate risk management perspective and delivered on what the internal review set out to accomplish: clarifying the standard, reducing the cost burden, improving scalability, and instilling greater trust and confidence in the CMMC Ecosystem,” said Travis.
Source:
