Yesterday the Office of the Under Secretary of Defense for Acquisition & Sustainment helped put their goals of Cybersecurity Maturity Model Ceritification (CMMC) in focus.

In fact Jesse Salazar, Deputy Assistant Secretary of Defense for Industiral Policy, on the goals of the when testifying at the Senate Armed Services Committee on Cybersecurity provided these three top level goals.

  1. To incorporate a unified set of cybersecurity requirements into acquisition processes and contracting language. Recognizing that cybersecurity should not be “one-size-fits-all ,” the program includes several levels of cyber requirements, that allow flexibility to apply requirements appropriate to the defined sensitivity level of information at issue.
  2. To provide the Department assurance, via external assessment, that all contractorsa nd subcontractors participating in a given award meet mandatory cybersecurity requirements. The certification framework also facilitates the Department’s ability to hold prime contractors accountable for ensuring that their suppliers are, in fact, implementing appropriate cybersecurity requirements.
  3. To develop supporting resources, information, and training to help contractors improve cyber readiness and comply with the Department’s requirements.