The Cybersecurity Maturity Model Certification won’t require all subcontractors on a contract to meet the same level of requirements, depending on the type of information they will be handling. This means smaller companies won’t need to obtain the more-costly higher level CMMC certifications to be included on contracts that require the prime to meet that requirement. DoD will clarify in requests for information notices which parts of a contract will require different certification levels.
Cybersecurity, Privacy, & AI
Trending Now
CMMC Compliance as a Service: A New Model for DOW Contractors • GSA Announces a Fresh Cohort of Presidential Innovation Fellows • Supreme Court Justices Skeptically Question Both Sides in Geofence Surveillance Case • Pentagon Workers Vibe-Code 100,000 AI ‘Agents’ to Use on Unclassified Networks • CISA, UK NCSC Warn of China-Linked Covert Cyber Networks in New Advisory
Primes, Subs Won’t Face the Same CMMC Security Requirements on All Contracts
Gorodenkoff | Shutterstock
Stay compliant and protected with daily updates on cybersecurity, data privacy, and federal oversight with our Cyber & Privacy newsletter, delivering up-to-the-minute intelligence Monday–Saturday — Subscribe here.