Department of War Suspends CMMC Phase II Requirements

(war.gov)

13 points | by ckrailo 8 hours ago ago

3 comments

  • amanaplanacanal 3 hours ago ago

    Hard to know if this is a good decision or not. It could very well be that they had just built too much bureaucracy into the process and it needed to be stripped down a bit. Or, given the way things work now, it might just be that they couldn't contract with some of their cronies under the new rules.

    • firesteelrain 3 hours ago ago

      It pauses the third party audit aspect. But if the contract requires NIST 800-171 compliance then nothing changes.

  • mikewarot 4 hours ago ago

    It's really sad that they did the research and figured all this stuff out after VietNam, and proceeded to forget all of it, and go with fundamentally insecure infrastructure because it's what consumers chose.