The Pentagon’s new cybersecurity model is better, but still an incremental solution to a big challenge | Federal News Network

Share on facebook
Share on twitter
Share on linkedin
Sequential Pictures/Shutterstock

The Pentagon’s latest “strategic direction” for its Cyber Maturity Model Certification (CMMC 2.0) better conforms with current government standards and procedures, but it misses the point of President Biden’s request for “radical change.” Long before the creation of CMMC, federal procurement restrictions obligated all military contractors who kept in touch with controlled unclassified information (CUI) to incorporate the fundamental cyber hygiene safeguards outlined in NIST Special Publication (SP) 800-171 from the National Institute of Standards and Technology. After nearly two years of research, the Defense Department unveiled the initial CMMC in November 2020. 



Subscribe to our newsletter