Following the announcement that it is substantially overhauling the Cybersecurity Maturity Model Certification program, the Defense Department is seeking volunteers to try out some of the changes. Specifically, DoD wants companies to volunteer to be assessed for the new middle category, CMMC Level 2. These evaluations would still be performed by CMMC Third-Party Assessment Organizations (C3PAOs), as would have been required for all contractors under CMMC 1.0. The new Level 2 is for companies working with controlled unclassified information, and aligns with the requirements of NIST SP 800-171. Participation in this early test of the process is entirely voluntary, and not required for any existing or pending contracts.
Source:
- Federal Computer Week: Who’s Going to Volunteer for the New CMMC?
