Understanding US Defense Department’s relaxed cybersecurity protocols under CMMC 2.0
Department of Defense contractors struggling to comply with upcoming cybersecurity regulations under the Cybersecurity Maturity Model Certification can breathe a sigh of relief: the DoD has announced its intent to release CMMC 2.0, with promises to streamline the certification process and ease security regulations for contractors and subcontractors handling low-priority information.
Intended to promote compliance with DoD cybersecurity procedures and give teeth to enforcement, the CMMC program was first announced in 2020 to regulate the control of unclassified information and high-value assets by external contractors.
The original version of CMMC called for all DoD contractors and subcontractors to undertake mandatory third-party assessments of their cybersecurity procedures, which would have greatly raised the costs of compliance.
The subject of much criticism, this stipulation has been downgraded under CMMC 2.0 to only apply to contractors handling the most sensitive information.
It's also hoped that CMMC 2.0 will help to build a culture of trust between the Department and its contractors, rectifying relationships with those who felt unfairly targeted after the release of the initial standards.
The changes are expected to be ratified within the next 9 to 24 months; the DoD has scrapped previous CMMC piloting efforts but encourages contractors to enhance their cybersecurity posture in the interim period.