The Defense Department is still figuring out how to save contractors money with its unified cybersecurity standard by authorizing reciprocity for multiple government certification programs, but an answer could come by the end of the 2021 fiscal year.
One of the key pledges DOD needs to fulfill for its Cybersecurity Maturity Model Certification (CMMC) program is building on work contractors have already done to meet security requirements for programs like the Federal Risk and Authorization Management Program (FedRAMP).
Stacy Bostjanick, CMMC’s director at the Defense Department’s Office of the Undersecretary of Defense for Acquisition and Sustainment, said a team is working with the General Services Administration and DOD to align the requirements, methodologies, and levels of the two programs.
“FedRAMP allows for [plans of action and milestones] and CMMC does not,” Bostjanick said Feb. 10 during an AFCEA NOVA event on IT and the intelligence community. “You’ve either got it or you don’t.”
Continue reading at: FCW