Pentagon CIO to Oversee CMMC

Deputy Defense Secretary Kathleen Hicks has ordered the Department of Defense chief information officer to oversee the Cybersecurity Maturity Model Certification program.

Pentagon CIO John Sherman said his office will continue to work with the defense undersecretary for acquisition and sustainment as the CMMC program changes ownership. He added that under the CIO office, the program will increase integration with other cybersecurity programs at various defense industrial base organizations.

The move will also realign six personnel who administer the CMMC program. The cybersecurity initiative was originally hosted by the Office of the Undersecretary of Defense for Acquisition and Sustainment, Nextgov reported.

The realignment comes after Sherman told the Senate in October that he will redesign CMMC to resemble a cybersecurity-as-a-service model to make it easier for small services to adopt.

CMMC has been criticized since its conception in 2019, mainly because of its lack of flexibility and the costs that it imposes on businesses. In March 2021, Hicks ordered an internal review of the program. In November of the same year, the Pentagon announced CMMC 2.0, which reduced some of the certification levels and introduced a self-assessment capability for some contractors.

Other federal agencies have been looking at the Pentagon’s cybersecurity program to create a set of cyber standards for contractors.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Join Us Now