Updated: Nov 22, 2021
The Department of Defense’s cybersecurity compliance program for contractors will be pared down in scope and expectations, according to an acquisition regulation document.
The Cybersecurity Maturity Model Certification (CMMC) will no longer require every contractor to get a third-party certification if they do not touch controlled unclassified data, a change that could reduce the cost of compliance for thousands of contractors.
Under the new CMMC model, which is known as CMMC 2.0, the number of security tiers is being shrunk from five to three. Novel CMMC maturity practices will also be eliminated from the standard.
Click HERE to read the rest of the article.