The Cybersecurity Maturity Model Certification (CMMC) program is meant to improve the network security of defense contractors, but following an internal review, the Pentagon is making changes and rolling out Version 2.0.
- Ron Marks, president of ZPN Cyber and National Security Strategies, former Central Intelligence Agency official and intelligence advisor to two Senate majority leaders, said the changes, which scale back some requirements, probably will not keep networks secure but that the Defense Department may make further modifications within the next several months.
- Marks said he does think it was “very smart to pull back” and conduct the review, because the original version was confusing for companies and had too many moving parts.
- Some of the changes consist of reducing the number of levels, narrowing the group of companies and allowing self review in some cases for smaller firms, said Marks.