Nov 13, 2019 (Investing Alerts) — The U.S. Department of Defense (DoD) has released Version 0.6 (v0.6) of its Cybersecurity Maturity Model Certification (CMMC), the all-new cybersecurity certification program that will require all companies who hold contracts with the DoD to meet defined cybersecurity requirements. V0.6 features a number of improvements over the previous iterations.
The previous version of the CMMC, v0.4, had been open for public comment since September 2019, with various organizations, including DoD Contractors, cybersecurity companies, and Managed Security Service Providers (MSSPs) weighing in and providing feedback for the DoD. According to the DoD, “CMMC Version 0.4 was released for public review and comment in early September. Based on this feedback, this version significantly reduces the model size, modifies the practices and processes, and provides clarifications and examples for CMMC Level 1. The document includes CMMC Levels 1-3 of the latest version of the CMMC Model (Appendix A) with clarifications for CMMC Level 1 in Appendix B.” CMMC v0.6 does not include Levels 4-5 as public comments are still being addressed.
SysArc, an MSSP who helps Department of Defense contractors implement the security controls required in the CMMC and submitted its own recommendations, says that v0.6 is a much more concise and clear document for everyone in the industry to work off of. “We’re very pleased with the DoD making the drafts of CMMC available for public scrutiny,” says Tim Brennan, CEO of SysArc. “It gives companies like us who have ‘boots on the ground’ a chance to let the DoD know about the current challenges facing DoD contractors with implementing cybersecurity requirements. Input from the public will go a long way in making the implementation of CMMC a success. We’re happy to be a part of it,” adds Brennan.
The official release of the CMMC v1.0 should be in January 2020 and auditors are expected to begin certifying contractor systems in the second half of 2020. The CMMC Accreditation organization is expected to be selected soon and begin laying out the process for training/certifying auditors as well as determining the process and schedule for certifying DoD contractors.
Information contained on this page is provided by an independent third-party content provider. Frankly and this Site make no warranties or representations in connection therewith. If you are affiliated with this page and would like it removed please contact email@example.com