Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home News

Cybersecurity Certification for Contractors

December 28, 2023
Reading Time: 2 mins read
in News
Cybersecurity Certification for Contractors

The U.S. Department of Defense has unveiled a pivotal proposed rule for the Cybersecurity Maturity Model Certification (CMMC) program, aimed at streamlining compliance and fortifying safeguards for sensitive data against cyber threats. This long-awaited rule introduces a tiered security framework tailored for contractors and subcontractors handling sensitive unclassified information.

The tiers span three levels, with Level 1 encompassing fundamental security measures and Level 3 mandating the most advanced protocols. Contractors falling within CMMC levels 2 and 3 will undergo third-party compliance evaluations. Moreover, these contractors must attain specific CMMC levels to vie for particular contract awards, as outlined in the draft. This initiative, labeled “CMMC 2.0,” was initially outlined by the Defense Department back in November 2021.

The extensive 200-page draft delineates precise security requisites corresponding to each tier, with Level 1 contractors tasked with implementing 15 security measures stipulated in the Federal Acquisition Regulation. As the tiers progress, the requirements become more rigorous. For instance, Level 2 contractors must adhere to 110 security measures from NIST SP 800-171, in addition to fulfilling Level 1 criteria. Meanwhile, Level 3 contractors must comply with Level 1 and Level 2 prerequisites, alongside 24 supplementary security measures from NIST SP 800-172.

The Pentagon plans to evaluate Level 3 security adherence and grants contractors 180 days post-assessment to devise and execute action plans to fulfill any unmet security requirements. While Level 1 contractors handle federal contracting information, Level 2 and 3 contractors manage controlled unclassified information. All CMMC contractors must report their security assessments to the Defense Department, although Levels 1 and 2 are permitted to conduct self-assessments.

By delegating self-assessments to the initial tiers of contractors, the Pentagon anticipates cost savings, reserving resources from the Defense Industrial Base Cybersecurity Assessment Center for the final tier’s evaluations. This proposed rule marks a pivotal step in fortifying cybersecurity measures within the defense industrial base while promoting greater transparency and accountability among contractors.

Reference:
  • US Department of Defense Unveils CMMC 2.0 for Strengthened Cybersecurity Measures
Tags: CMMCCyber NewsCyber News 2023Cyber RiskCyber threatsCybersecurityDecember 2023Department of defensesecurity adherence
ADVERTISEMENT

Related Posts

Oregon Has Passed a New Data Privacy Law

UK To Invest £1B In Cyber Army For Defense

May 29, 2025
Oregon Has Passed a New Data Privacy Law

Oregon Has Passed a New Data Privacy Law

May 29, 2025
Oregon Has Passed a New Data Privacy Law

Horizon 3 AI Secures Near $100M

May 29, 2025
New CISA SIEM and SOAR Cyber Guide Released

New CISA SIEM and SOAR Cyber Guide Released

May 28, 2025
New CISA SIEM and SOAR Cyber Guide Released

Iranian Pleaded Guilty in Robbinhood Case

May 28, 2025
New CISA SIEM and SOAR Cyber Guide Released

Vietnam Cites Security For Telegram Ban

May 28, 2025

Latest Alerts

New PumaBot IoT Botnet Uses SSH Attack

APT41 Uses Google Calendar For C2 Operations

New NodeSnake RAT Hits UK Universities

Microsoft Void Blizzard Cyber Threat Alert

Fake DocuSign Alerts Target Corporate Logins

Fake Bitdefender Site Spreads Venom Malware

Subscribe to our newsletter

    Latest Incidents

    Cork Protocol Paused After $12M Exploit

    Victoria’s Secret Site Down After Breach

    LexisNexis GitHub Breach Affects 364K People

    Migos IG Hack Blackmails Solana Cofounder

    Tiffany & Co. Faces Data Breach Incident

    MathWorks Crippled by Ransomware Attack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial