DoD recently released updated guidance, a draft version 0.4 of its the Cybersecurity Maturity Model Certification (CMMC) model and requested industry feedback. This post follows up on our previous post in this area and explains the CMMC model. Going forward, contractors should consider whether to submit feedback as invited by DoD by September 25th. In particular, DoD has asked industry to answer the following questions:
- What do you recommend removing or de-prioritizing to simplify the model and why?
- Which elements provide high value to your organization?
- Which practices would you move or cross-reference between levels and domains?
- In preparation for the pending easy-to-use assessment guidance, what recommendations might you have to clarify practices and processes?
