The Department of Defense has completed an internal review and unveiled the strategic direction for the enhanced version of the Cybersecurity Maturity Model Certification program.
The “CMMC 2.0” program seeks to further clarify cybersecurity policy, regulatory and contracting requirements and simplify the program standard; focus third-party assessment requirements and advanced cyber standards on companies backing the highest priority initiatives; and ramp up DOD oversight of ethical and professional standards in the assessment ecosystem, the Pentagon said Thursday.
“CMMC 2.0 will dramatically strengthen the cybersecurity of the defense industrial base,” said Jesse Salazar, deputy assistant secretary of defense for industrial policy.
“By establishing a more collaborative relationship with industry, these updates will support businesses in adopting the practices they need to thwart cyber threats while minimizing barriers to compliance with DoD requirements,” he added.
DOD noted that enhancements to the program will, among other benefits, help hold enterprises accountable for implementing cyber standards and improve public trust in the CMMC ecosystem.
Salazar co-chaired the CMMC internal assessment with Mieke Eoyang, deputy assistant secretary of defense for cyber policy; David McKeown, deputy chief information officer for cybersecurity; and David Frederick, executive director of U.S. Cyber Command. Senior officials from 18 DOD components participated in the review.