John Sherman, the Biden administration’s nominee for Defense Department CIO, said at a Senate Armed Services Committee confirmation hearing that he wants to update the terms of the CMMC to be “not onerous” for small and medium-sized businesses. He would work with the NSA and Cyber Command to provide a “cybersecurity-as-a-service” model that would give businesses “templates and guides on how to do this so they don’t have to reinvent the wheel,” similar to a hosted-services proposal from then-Navy Undersecretary Thomas Modly in 2019. Sherman was previously the DoD’s principal deputy CIO and acting CIO.
Source:
- Federal Computer Week: White House Pick for DOD CIO Eyes Tweaks to CMMC