Pentagon officials post guidance for defense agencies to implement CMMC requirements

A recent memorandum from senior Pentagon officials provides guidance on determining assessment levels and the waivers process under the Defense Department’s Cybersecurity Maturity Model Certification program.

“To enhance the security of DoD information and reduce the risk of cyber attacks to DIB businesses, the Department established the Cybersecurity Maturity Model Certification (CMMC) Program. The final CMMC Program rule was published to the Federal Register on October 15, 2024 and is codified in Title 32 CFR Part 170,” the memo...