September 18, 2020
Pentagon revises CMMC to clarify requirements for handling encrypted data
The Defense Department has issued revisions to its Cybersecurity Maturity Model Certification program, less than two months after it was released as final, to clarify requirements for encrypted data among other “administrative” changes.
“The first sentence of the CMMC Clarification was rewritten and now reads: Only use cryptography validated through the NIST Cryptographic Module Validation Program (CMVP) to protect the confidentiality of [controlled unclassified information],” says the revised CMMC document, version 1.02, issued on March 18.
The changes to...