On Feb. 2, Deputy Secretary of Defense Kathleen H. Hicks directed the realignment of responsibility for the Cybersecurity Maturity Model Certification (CMMC) program. With this directive, the responsibility for the program transitions from the USD(A&S) to the DoD CIO.
This realignment will also move the team of six DoD civilians, with contract support, responsible for administering the program, from USD(A&S) to DoD CIO.
"I'd like to highlight the great work by A&S to establish the CMMC program,” said Hon. John Sherman, DoD CIO. “As we realign responsibility for the program, it's important to note that we will continue to work closely with A&S on this program. The CMMC team, led by Stacy Bostjanick, will be aligned under the Deputy CIO for Cybersecurity to increase the program’s integration with other Defense Industrial Base Cybersecurity programs. We are moving out in the coming weeks on the rulemaking process and look forward to continuing critical collaboration with industry stakeholders."
The Department has taken this action to consolidate industry-related cybersecurity programs under common leadership and direction to enable increased synergy and collaboration across the Defense Industrial Base (DIB) Cybersecurity programs.
In the coming weeks, the CIO will begin submitting proposed changes to the Defense Federal Acquisition Regulation Supplement (DFARS) rule-making process to ensure maximum collaboration on these requirements.
For more on how CMMC 2.0 differs from its predecessor changes, visit https://www.acq.osd.mil/cmmc/index.html.