Quantcast

Portland Courant

Sunday, November 24, 2024

Assessment Draft for DOD Cyber Program Lacks Key Details

Government contracts and cybersecurity attorney Eric Crusius spoke with Law360 about the U.S. Department of Defense's (DOD) pending Cybersecurity Maturity Model Certification (CMMC) program. As a precautionary measure to combat the increasing frequency and complexity of cyber attacks, this program would enable third-party assessors to review certain contractors' CMMC compliance. The extensive 33-page proposal is receiving criticism for being overly complicated in some areas while others are lacking important details.  Mr. Crusius highlighted that the draft specifies that contractors will be able to get a conditional certification that will allow them 180 days to address processes that are not yet fully CMMC-compliant. However, it's not clear whether they will be eligible for DOD contracts with conditional certifications.

Mr. Crusius stated, "I suspect the answer is yes, because why would they have that program, if not? But what happens if a contractor fails to close out those open items? Will they lose their contract? If there's a disagreement on whether or not an item's been closed out, how does that disagreement get adjudicated?" 

Original source can be found here.

ORGANIZATIONS IN THIS STORY

!RECEIVE ALERTS

The next time we write about any of these orgs, we’ll email you a link to the story. You may edit your settings or unsubscribe at any time.
Sign-up

DONATE

Help support the Metric Media Foundation's mission to restore community based news.
Donate

MORE NEWS