Inside Cybersecurity

March 28, 2024

Daily News

Pentagon revises CMMC to clarify requirements for handling encrypted data

By Rick Weber / March 25, 2020

The Defense Department has issued revisions to its Cybersecurity Maturity Model Certification program, less than two months after it was released as final, to clarify requirements for encrypted data among other “administrative” changes.

“The first sentence of the CMMC Clarification was rewritten and now reads: Only use cryptography validated through the NIST Cryptographic Module Validation Program (CMVP) to protect the confidentiality of [controlled unclassified information],” says the revised CMMC document, version 1.02, issued on March 18.

The changes to...


Log in to access this content.


Not a subscriber? Sign up for 30 days free access to exclusive news and analysis on cybersecurity regulations and more.