The Defense Department released for public inspection the final cybersecurity maturity model certification program rule. The rule includes changes which make it simpler for private sector companies to comply with the cybersecurity requirements that must be in place before they can bid on defense contracts.
The Department’s cybersecurity maturity model certification program, also called CMMC, ensures that private sector companies doing work for the Defense Department as part of the defense industrial base demonstrate that their computer networks and cybersecurity practices are up to the task of defending against intrusions by adversaries who may want access to information about government contracts and weapons systems development.