DoD kicks off nationwide listening tour to reshape CMMC rules

TL;DR Summary
The DoD is reviewing the Cybersecurity Maturity Model Certification (CMMC) program and has suspended third-party assessments to reduce burdens on small defense contractors. It will hold nationwide listening sessions, gather 60 days of feedback, and issue a final report with recommendations by late September; the review could overhaul or tweak CMMC 2.0, possibly via interim rules. The department cites cost and assessor capacity as barriers; self-assessments remain allowed, while DIBCAC/NSA/DC3 services cover only part of the required NIST controls, and there are about 1,000 certified assessors versus a projected 2,000–3,000 needed.
- DoD plans CMMC listening sessions as questions swirl around review Federal News Network
- Pentagon suspends CMMC phase two requirements, launches review of program Federal News Network
- DOD halts cybersecurity requirements for CMMC Phase 2: ‘The math just simply doesn't math’ DefenseScoop
- Forging the Arsenal of Freedom: Department of War Suspends CMMC Phase II Requirements U.S. Department of War (.gov)
- Pentagon announces ‘immediate suspension’ of CMMC Phase II mandates Breaking Defense
Reading Insights
Total Reads
0
Unique Readers
8
Time Saved
8 min
vs 9 min read
Condensed
95%
1,725 → 91 words
Want the full story? Read the original article
Read on Federal News Network