“When the Defense Department confirmed that Deputy Secretary Kathleen Hicks decided to review the Cybersecurity Maturity Model Certification (CMMC) program, initial reactions were mixed…”
“A DoD spokeswoman offered little insight into the review and what its goals are.
‘In light of increasingly frequent and complex cyber intrusion efforts by adversaries and non-state actors, the department remains deeply committed to the security and integrity of the defense industrial base. As is done in the early stages of many programs, the DoD is reviewing the current approach to CMMC to ensure that it is achieving stated goals as effectively as possible while not creating barriers to participation in the DoD acquisition process,’ said Jessica Maxwell, the DoD spokeswoman in an email. ‘As this internal assessment is ongoing, we are not able to provide further detail. This assessment will be used to identify potential improvements to the implementation of the program’…”
“On top of this review, DoD is in the middle of delivering reports to Congress and working with the Government Accountability Office on CMMC reports and analyses. The 2021 Defense Authorization Act required the DoD chief information officer to assess each department component against the CMMC framework and report findings to congressional defense committees by March 1. Lawmakers want details on how each component ‘will implement relevant security measure to achieve a desired CMMC [level] or other appropriate capability and performance threshold.’
Congress also asked the Government Accountability Office to independently assess and brief Congress within six months of the CIO report’s issuance.
The NDAA also requires DoD to withhold 60% of its CMMC appropriated funding until its Office of Acquisition and Sustainment (A&S) submits a plan to Congress detailing timelines for pilot activities, the relationship with auditing or accrediting bodies, planned funding and involvement of the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) and its plans to train acquisition staff to implement CMMC…” Read the full article here.
Source: DoD initiates CMMC review — big deal or perfunctory? – By Jason Miller, April 5, 2021. Federal News Network.