Pentagon Hints at Changes to CMMC as Industry Expresses Concerns


With a new administration in place, the Defense Department has announced that it has initiated an “internal assessment” of the Cybersecurity Maturity Model Certification program. Defense acquisition CISO Katie Arrington likened the assessment to a standard review of major defense acquisition programs, performed to ensure “we’re doing the implementation correctly internally.” No timeline or scope for the review was offered.

Andrew Hunter, director of the Center for Strategic and International Studies’ Defense-Industrial Initiatives Group, said this was a logical opportunity for the new administration to assess whether the program was on track to meet its intended goals.  A recent survey of defense industry participants showed widespread support for CMMC, but significant concern about burdens and costs.