Department of War Suspends CMMC Phase II Requirements

13 pointsposted 11 hours ago
by ckrailo

3 Comments

amanaplanacanal

7 hours ago

Hard to know if this is a good decision or not. It could very well be that they had just built too much bureaucracy into the process and it needed to be stripped down a bit. Or, given the way things work now, it might just be that they couldn't contract with some of their cronies under the new rules.

firesteelrain

6 hours ago

It pauses the third party audit aspect. But if the contract requires NIST 800-171 compliance then nothing changes.

mikewarot

7 hours ago

It's really sad that they did the research and figured all this stuff out after VietNam, and proceeded to forget all of it, and go with fundamentally insecure infrastructure because it's what consumers chose.