CMMC won’t apply to commercial-off-the-shelf suppliers, DOD website shows

FedScoop: The Cybersecurity Maturity Model Certification (CMMC) will not apply to Department of Defense suppliers that only provide commercial-off-the-shelf products, a recent change to the DOD’s website shows.

The change comes after months of DOD and CMMC officials saying that every single contractor and subcontractor must be certified, under the new cybersecurity program, by a third-party assessor to continue doing business with the military.

Read article