The Department of Defense (DOD) is still assessing how to open up the Cybersecurity Maturity Model Certification (CMMC) initiative for reciprocity with the Federal Risk and Authorization Management Program (FedRAMP) and other certification programs as part of a push to help contractors save money as they comply with the new cyber standard, FCW reported Thursday.
Stacy Bostjanick, director of Cybersecurity Maturity Model Certification at DOD’s office of the under secretary for acquisition and sustainment, said a team is collaborating with DOD and the General Services Administration to align the methodologies, levels and requirements of FedRAMP and the CMMC program, which is expected to be included in all defense contracts by 2025.
Bostjanick said Wednesday during an AFCEA Nova event that DOD has finished its reciprocity review for the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) and carried out provisional audits.
She said guidance memo for DIBCAC is awaiting signature, while guidance for FedRAMP could be issued by the end of fiscal year 2021.
