With CMMC 2.0, DoD removed process maturity as an assessed requirement. Some commentators are suggesting that NIST 800-171’s “NFO” controls inherently require policies. We explore the requirement in this article.
Former CMMC-AB board of directors members James Goepel, Mark Berman, and Ben Tchoubineh authored a letter to the President that analyzes why CMMC 2.0 is inconsistent with the President’s recent Executive Order and is harmful to our national security.
DoD submitted but quickly withdrew an “advanced notice of proposed rulemaking” entitled “Cybersecurity Maturity Model Certification 2.0 Updates and Way Forward”.
Changes to the FAR/DFARS imposed by the recent Executive Order on Increasing our Nation’s Cybersecurity and the publication of the Final Rule for CMMC are now both expected in September, although the exact dates are still unknown. With all the expected changes, October promises to be a very busy time for defense contractors!
The Executive Order issued May 12, 2021 on Improving the Nation’s Cybersecurity casts some clouds over the CMMC program. This article provides short-term guidance for defense contractors.