The Cybersecurity Maturity Model Certification won’t require all subcontractors on a contract to meet the same level of requirements, depending on the type of information they will be handling. This means smaller companies won’t need to obtain the more-costly higher level CMMC certifications to be included on contracts that require the prime to meet that requirement. DoD will clarify in requests for information notices which parts of a contract will require different certification levels.
Cybersecurity, Privacy, & AI
Trending Now
Anthropic’s Reported $30B Funding Talks Spotlight AI’s Growing Role in Cybersecurity, Defense • DC3 Seeks New Contractors for DCISE Voluntary Cyber Information-Sharing Program • Pentagon Cyber Official Calls Advanced AI ‘Revolutionary Warfare’ • NIST Aims for Summer Release of AI Cyber Guidelines • President Trump’s Cyber Strategy: Cross-Sector Implications for U.S. and UK Businesses
Primes, Subs Won’t Face the Same CMMC Security Requirements on All Contracts
Gorodenkoff | Shutterstock
Stay compliant and protected with daily updates on cybersecurity, data privacy, and federal oversight with our Cyber & Privacy newsletter, delivering up-to-the-minute intelligence Monday–Saturday — Subscribe here.