Robert Metzger, head of the Washington D.C. office at law firm Rogers Joseph O’Donnell, shared his insights on a new Department of Defense guidance for determining certification levels and administering waiver authority under the Cybersecurity Maturity Model Certification program.
In a LinkedIn post published in mid-February, Metzger said the DOD guidance serves as an “early alert” to program managers and requiring activities regarding what they need to do when Part 48 CMMC contractual rules take effect.
For the cybersecurity thought leader, the document indicates that non-Federal Acquisition Regulation-based legal agreements are subject to “appropriate CMMC level” requirements.
“I agree. Innovators are especially vulnerable; their valuable work, for DoD, must be protected,” he added.
Table of Contents
CMMC Level 2
For CMMC Level 2, self-assessment is allowed for categories of controlled unclassified information, or CUI, that are “outside” of the National Archives and Records Administration’s CUI Registry Defense Organizational Index Grouping.
According to Metzger, CMMC Level 2 certification assessment is required for DOD Critical Infrastructure Security Information, Controlled Technical Information, Naval Nuclear Propulsion Information and other CUI under NARA’s Defense Organizational Index Grouping.
Waiver Requests
Metzger also shared his views on CMMC waiver requests, which must be coordinated through the component chief information officer prior to approval by the Component Acquisition Executive or Service Acquisition Executive.
The DOD memo also stated that such waivers may be requested and cleared for an “individual procurement or a class of procurements.”
“Waivers do not affect the underlying security requirements but impact only whether assessment requirements must be included in solicitation documents. Having this flexibility, IMO, is indispensable if DoD is to avoid excess rigidity causing CMMC to injure capabilities and missions of requiring activities and warfighters,” the national security specialist stated.
Metzger concluded that the new DOD guidance “reduces risks of dysfunctional outcomes without making waivers too easy for anyone to seek and get.”
Related Articles
The General Services Administration has launched USAi, a secure generative artificial intelligence suite designed to help federal agencies experiment with AI tools and accelerate AI adoption. GSA said Thursday the launch of USAi advances the priorities in the White House’s America’s AI Action Plan, which seeks to strengthen U.S. leadership in AI through coordinated federal action, streamlined adoption and smarter infrastructure. A panel discussion at the Potomac Officers Club’s 2025 Navy Summit on Aug. 26 will explore generative AI and how it optimizes decision-making within the service branch. Book your spot now at this GovCon networking event! Expanding Federal Government’s
Nextgov/FCW reported that the Federal Acquisition Regulatory Council on Thursday released new model deviation text for six parts of the FAR as part of the Revolutionary FAR Overhaul, or RFO, initiative. In April, President Donald Trump signed an executive order directing his administration to amend FAR to streamline the federal procurement process and eliminate barriers to doing business with the government. In June, the FAR Council released model deviation text for sections related to emergency acquisitions, contract modifications and acquisition of information and communication technology, or ICT. The overhauled FAR parts include sections related to administrative and information matters; required sources of
The National Science Foundation and NVIDIA will invest $152 million in the development of advanced, open-source artificial intelligence models aimed at accelerating American scientific discovery. The public-private investment will support the Open Multimodal AI Infrastructure to Accelerate Science project led by the Allen Institute for AI, or Ai2, NSF said Thursday. Public-Private Investment for Open Source AI Models NSF will provide $75 million, with NVIDIA contributing $77 million. The initiative supports the White House AI Action Plan and aims to ensure the United States remains a leader in AI-powered research and innovation. “As called for in the AI Action Plan,