Defense Dept. to update CMMC assessment guide for level three, continue reciprocity discussions

The Defense Department will make changes to the assessment guide for level three of the Cybersecurity Maturity Model Certification program, to reconcile the publication with recent changes to a foundational NIST framework for controlled unclassified information, according to Pentagon acquisition CISO Katie Arrington.

The DOD CIO’s office is working with the Office of the Under Secretary of Defense for Acquisition and Sustainment to reconcile the level three guide with “errata updates” made to NIST Special Publication 800-171 in January, Arrington...