Pentagon Suspends CMMC Phase 2 as It Rethinks Contractor Cybersecurity Rules

https://www.securityweek.com/wp-content/uploads/2024/03/Pentagon.jpeg

The Pentagon is suspending Cybersecurity Maturity Model Certification (CMMC) phase two requirements that were set to take effect in November, pending a 60-day review of the entire program.

Kirsten Davies, CIO at the Department of War (formerly the Department of Defense), said the move clears bureaucratic obstacles without lowering the bar on cybersecurity, noting that contractors must still meet phase one requirements and existing regulations for handling government information.

A newly formed CMMC review and reform task force will collect industry feedback and then recommend scaled-back security measures to speed up contracting for small and nontraditional businesses.

“The Department of War is taking decisive action to clear bureaucratic roadblocks and revitalize our defense industrial base in support of Secretary of War Pete Hegseth’s directive to aggressively scale warfighter readiness,” said Davies, adding, “[But] I want to be clear, across the Department of War and our defense industrial base, investing in...

Copyright of this story solely belongs to securityweek.com. To see the full text click HERE

Read more