The Cybersecurity Maturity Model Certification won’t require all subcontractors on a contract to meet the same level of requirements, depending on the type of information they will be handling. This means smaller companies won’t need to obtain the more-costly higher level CMMC certifications to be included on contracts that require the prime to meet that requirement. DoD will clarify in requests for information notices which parts of a contract will require different certification levels.
Cybersecurity, Privacy, & AI
Trending Now
Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery • INDOPAC’s Rudd Said to Be Trump’s Pick for US Cyber Command Chief • NIST Releases Draft AI Cybersecurity Framework for Public Comment • DOJ Announces Takedown of Alleged Laundering Platform Used by Cybercriminal Groups • When AI Starts Doing the Work: The Rise of Agentic AI in Government Contracting
Primes, Subs Won’t Face the Same CMMC Security Requirements on All Contracts
Stay compliant and protected with daily updates on cybersecurity, data privacy, and federal oversight with our Cyber & Privacy newsletter, delivering up-to-the-minute intelligence Monday–Saturday — Subscribe here.