The Defense Department is reportedly planning changes to the highest levels of the five-tier Cybersecurity Maturity Model Certification, after receiving public comments on the recently issued CMMC Defense Federal Acquisition Regulation System rule. It’s unclear exactly what these changes will entail, but the announcement also comes after the publication of new protective guidance from the National Institute of Standards and Technology: SP 800-172. Stacy Bostjanick, the acting director of supply risk management at DoD, said that the department is trying to synchronize CMMC levels four and five – which will need to be met only by companies handling the most secure data – with NIST’s new guidance.
Source: