DOD Encourages Self Assessments in Preparation for CMMC Cybersecurity Program’s Further Implementation

DOD Encourages Self Assessments in Preparation for CMMC Cybersecurity Program’s Further Implementation
Department of Defense

The Department of Defense advises companies to first assess themselves for compliance with the Cybersecurity Maturity Model Certification (CMMC) requirements, as certified CMMC assessors are still not ready to audit for the program, FedScoop reported Wednesday.

Stacy Bostjanick, a DOD official working on CMMC, said companies looking to receive early CMMC approval may first test their own network security, while no existing certified third-party assessor organization or C3PAO is prepared to conduct assessments.

Bostjanick noted that she expects several C3PAO companies to have completed the needed accreditation by early summer. Kratos Defense and Security Solutions is among the first few companies that have received accreditation to become a C3PAO.

The five-tier CMMC model is made to standardize the security controls of controlled unclassified information within the defense industrial base.

You may also be interested in...

NASA Artemis

NASA Approves Computing System for Artemis I Mission; Mike Van Houten Quoted

NASA has certified the computer system that would process the data of an upcoming uncrewed lunar flyby, which will serve as a prerequisite to future astronaut missions. The spacecraft command and control system (SCCS) is designed to address the information capacity and speed requirements of NASA's Artemis I mission, the space agency said Thursday.