Defense industry group raises concerns over terminology for ‘managed service providers’ in CMMC assessment guide

The National Defense Industrial Association is seeking clarity from the accreditation body behind the Pentagon’s cyber certification program on how managed service providers can be used to help companies reach compliance and address reciprocity.

The Cyber Accreditation Body released the first version of its CMMC assessment process guide, known “the CAP,” in July for public comment. The guide for the Cybersecurity Maturity Model Certification program is marked as “pre-decisional” because DOD’s work to finalize the rulemaking is still in progress....