The U.S. Department of Defense revealed the final rule for CMMC, introducing a tiered security system for defense contractors to handle sensitive unclassified information, simplifying compliance and enhancing cyberthreat protection
The rule categorizes contractors into different tiers based on information sensitivity, with third-party assessments required for higher tiers, shifting from self-assessments to enforce higher security standards. This 'CMMC 2.0' rule reduces assessment levels from five to three, mandates compliance with NIST security measures, and introduces annual affirmation requirements, aiming to maintain public trust, ensure accountability, and safeguard sensitive information in federal contracts. ```https://www.bankinfosecurity.com/dod-unveils-final-cmmc-rule-for-defense-contractors-a-26512