CIO Eric Hysen explains the new hiring spree and tells FedScoop that DHS is pivoting away from a CMMC-like rulemaking approach to vendor cybersecurity.

The accreditation body also issued a draft document detailing the assessment process that third-party assessment organizations will need to follow once the final CMMC rule takes effect.

Practical deadlines for vendors and a concrete process for using the information SBOMs contain at agencies are needed, security experts say.

The Pentagon's officials overseeing the development of CMMC are planning to meet soon to address potential requirements for managed service providers under the program.

In a new report, GAO found that the DOD only met 78% of the 110 CMMC 2.0 requirements for systems that manage controlled unclassified information.

Depending on an interim rule, the Pentagon is hopeful to begin implementing CMMC controls in contracts in May 2023.

The Professional Services Council's David Berteau says that while industry waits for CMMC 2.0 rules to be issued, many contractors are already moving to come into compliance.

Companies want clarification from government over what specific artifacts and metadata it wants to assess.

The DOD IG says contracting officers should do a better job compelling contractors to meeting cybersecurity requirements.

John Sherman wants to use the same zero-trust principles the DOD has for its systems on Earth for those in space.