Pentagon separates rulemakings for NIST standards, CMMC as work to establish cyber certification program continues

The Defense Department is moving forward with its plans to split cyber certification requirements for contractors into two separate rulemakings, focused on NIST Special Publication 800-171 and the Cybersecurity Maturity Model Certification program.

The split is part of the Pentagon’s effort to implement CMMC 2.0, which was outlined in a November advanced notice of proposed rulemaking. The notice said, “DoD will pursue rulemaking in both: (1) Title 32 of the Code of Federal Regulations (CFR); and, (2) title 48...