May 18, 2022
Defense Dept. contracting official: Policy for fixing CMMC compliance blindspots to include threshold requirements
The Defense Department’s policy for contractors to provide details on how they will address gaps in their CMMC assessments will include a threshold on requirements that “need to be” taken “seriously,” according to DOD’s John Ellis, who leads the office responsible for conducting CMMC assessor audits.
Allowing contractors to submit a plan of action and milestones explaining how they will achieve specific unmet requirements on CMMC controls is a new feature of DOD’s Cybersecurity Maturity Model Certification as part of...