Government Accountability Office Audit: DoD Needs to Improve Communication with Industry for CMMC

The Defense Department needs to improve communication with industry and develop performance measures regarding its Cybersecurity Maturity Model Certification framework, according to an audit released by the Government Accountability Office Dec. 8.

The audit, which took place over the past calendar year, found the Defense Department is inadequately reviewing CMMC, which was created in 2019 as a means for defense contractors to improve cybersecurity and information security practices through third-party assessments.