CMMC Review Expected to be Completed in Late 2021
The Department of Defense said the internal review of the Cybersecurity Maturity Model Certification program will likely be completed in late 2021.
The CMMC review was initiated in March to ensure that its implementation would not hinder defense acquisitions. All aspects of the program are being evaluated, including its required cybersecurity levels.
According to a DOD spokesperson, CMMC changes will be relayed to industry and other stakeholders once the review is finished, FedScoop reported Thursday.
Industry groups have raised concerns with the DOD’s silence on the CMMC review.
In a letter, the Information Technology Industry Council, the National Defense Industrial Association and the Professional Services Council called on Deputy Defense Secretary Kathleen Hicks for more transparency and better communication with defense contractors.
The trade associations were mostly concerned about changes in the CMMC’s timeline, scope and manner of implementation. They asserted that companies’ budgets, strategic planning and resource allocation are being affected without knowledge of the status of the cybersecurity program.
Despite growing concerns, Christine Michienzi, chief technology officer for the deputy assistant secretary of defense for industrial policy, urged companies to continue CMMC preparations.
Michienzi also asked industry to provide feedback on the first few months of the CMMC rollout so that lessons learned can be included in the review.
“We are really trying to make sure that we are listening to what industry’s feedback was for the initial implementation,” she said.
Category: Defense and Intelligence
Tags: Christine Michienzi CMMC review Cybersecurity Maturity Model Certification Defense and Intelligence Department of Defense DoD FedScoop Kathleen Hicks