Inside Cybersecurity

May 18, 2022

Daily News

Defense Dept. contracting official: Policy for fixing CMMC compliance blindspots to include threshold requirements

By Sara Friedman / January 20, 2022

The Defense Department’s policy for contractors to provide details on how they will address gaps in their CMMC assessments will include a threshold on requirements that “need to be” taken “seriously,” according to DOD’s John Ellis, who leads the office responsible for conducting CMMC assessor audits.

Allowing contractors to submit a plan of action and milestones explaining how they will achieve specific unmet requirements on CMMC controls is a new feature of DOD’s Cybersecurity Maturity Model Certification as part of...


Log in to access this content.


Not a subscriber? Sign up for 30 days free access to exclusive news and analysis on cybersecurity regulations and more.