Defense Acquisition Lead Nominee Pledges to Reevaluate CMMC

DefenseScoop reports that Michael Duffey, the former Office of Management and Budget Associate Director of National Security Programs and the nominee for Defense undersecretary for acquisition and sustainment, has committed to reexamine the Defense Department's Cybersecurity Maturity Model Certification 2.0 program.
Duffey's pledge comes amid concerns from contractors and other defense industry experts that the program isn't viable, particularly for smaller entities.
In his response to questions ahead of his confirmation hearing before the Senate Armed Services Committee, Duffey wrote that he would review existing CMMC 2.0 requirements to ensure adequate data protections without excessively burdening defense contractors.
Duffey also said he would evaluate current and other approaches to conducting CMMC compliance assessments.
"Bolstering cybersecurity across the DIB without placing undue burdens on small and medium-sized businesses is critical. These businesses are often more vulnerable to cyberattacks due to resource constraints, yet they play a vital role in our nation's defense," wrote Duffey, who also emphasized studies on multi-use secure compartmented information facilities (SCIFs).