Defense Dept. issues memorandum detailing FedRAMP equivalency requirements for CMMC program

The Defense Department has issued a memorandum on equivalency for cloud service offerings between GSA’s Federal Risk and Authorization Management Program and the Pentagon’s cyber certification program.

The memorandum is intended to provide guidance and clarification on DFARS Clause 252.204-7012, which established a requirement starting on Dec. 31, 2017 for defense contractors holding controlled unclassified information to be compliant with NIST Special Publication 800-171. The Pentagon’s Cybersecurity Maturity Model Certification program adds a third party assessment as a requirement....