Jesse Salazar, deputy assistant secretary of defense for industrial policy, said the Department of Defense’s (DOD) review of the Cybersecurity Maturity Model Certification (CMMC) program has three “broad goals” and the first is managing cyber costs for small businesses, Federal News Network reported Thursday.
“I recognize that small businesses are under immense market pressures,” Salazar said Tuesday at a Professional Services Council conference. “Our goal is to mitigate costs while protecting the cybersecurity of these businesses.”
He said another objective of the CMMC review is to clarify and streamline contracting requirements and cyber regulations. Salazar noted that the third goal seeks to “reinforce trust and confidence in the maturing CMMC assessment ecosystem.
“The department is ensuring that we can operationalize our requirements through a sufficient number of assessors,” Salazar said. “We are also clearly defining roles and responsibilities, standards of conduct and audit mechanisms within the external assessment ecosystem.”
In early June, the CMMC Accreditation Body announced Redspin and Kratos Defense and Security Solutions as the first two certified third-party assessment organizations. The authorization will allow them to audit companies seeking CMMC certification at Maturity Levels 1 through 3.