The U.S. Department of Defense (DoD) just rolled out a new strategic direction for the Cybersecurity Maturity Model Certification known as "CMMC 2.0."
The new guidelines align with the DoD's objectives of "safeguarding sensitive information," especially when it comes to addressing surveillance issues with supply chains based in China.
CMMC 2.0 released by Department of Defense
Why is this update so important for the cybersecurity of the DoD supply chain? Because it reportedly makes better cybersecurity more accessible for SMBs that operate in the space.
U.S. Deputy Secretary of Defense, Dr. Kathleen Hicks, tweeted about it.
Updating #cybersecurity standards for the companies who support @DeptofDefense helps secure our supply chains while increasing access for #smallbusiness.
— Deputy Secretary of Defense Dr. Kathleen Hicks (@DepSecDef) November 4, 2021
CMMC is a key component of the Department's expansive cybersecurity effort.
Find more here: https://t.co/XJf9USst8l
Here are three aims of the updated cybersecurity model:
- Simplifying the CMMC standard and providing additional clarity on cybersecurity regulatory, policy, and contracting requirements;
- Focusing the most advanced cybersecurity standards and third-party assessment requirements on companies supporting the highest priority programs; and
- Increasing Department oversight of professional and ethical standards in the assessment ecosystem.
This chart from the Office of the Under Secretary of Defense also illustrates additional changes from the original CMMC.
Find additional details about the CMMC update at acq.osd.mil/cmmc/about-us.html.