Updated spending projections for Cybersecurity Maturity Model Certification program implementation have been provided by the Department of Defense as part of the proposed rule it introduced earlier this week, DefenseScoop reports.
Only assessment, certification, and affirmation activities conducted by defense contractors and subcontractors concerning the verification of security requirements have been accounted for in the cost estimates for CMMC Levels 1 and 2, according to the Defense Department, which noted that expenses for adopting the requirements have already been incurred. Meanwhile, expenditures for Level 3 certification assessment, which only applies to a select number of contractors and subcontractors, comprise not only Level 2 certification assessment costs but also the additional expenses associated with adopting the standard's security requirements. Such a proposed CMMC rule is already being reviewed by defense contractors and trade groups, which were given up to Feb. 26, 2024 to comment on the rule.
"Burdensome regulation has long been a hurdle, particularly for small and medium-sized businesses that contribute to the defense industrial base. It's critical for defense companies to have the tools and the standards to keep our nations sensitive unclassified material secure while not deterring companies from contributing to the defense industrial base," said Aerospace Industries Association President and CEO Eric Fanning.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news