Official: Defense Contractors to Meet Different CMMC Requirements
Katie Arrington, chief information security officer for assistant secretary for defense acquisition, has clarified that contractors will face different levels of Cybersecurity Maturity Model Certification requirements depending on the information they need to secure. Speaking at a Washington Technology event, the 2020 Wash100 winner said the Department of Defense will release requests for information notices to inform contractors which parts of a contract require different certification levels.
Stressing DoD’s cautious approach, she said subcontractors will only meet CMMC requirements ranging from levels one or two, Fedscoop reported.
However, Arrington explained that CMMC level two certifications will be rare and will serve as a bridge for companies needing to fulfill level one or level three certifications.
Prime contractors are expected to meet CMMC level four and level five certifications to continue handling sensitive information.
Category: Popular Voices
Tags: certification requirement CMMC CMMC Accreditation Board cybersecurity Cybersecurity Maturity Model Certification Department of Defense FedScoop Katie Arrington Mark Berman Popular Voices