Quick Hits

*** The Defense Department has officially recognized a key independent body charged with shaping a new unified cybersecurity standard for defense contractors. A June 1 memorandum of understanding lays out the roles of the Pentagon and the Cybersecurity Maturity Model Certification Accreditation Board to implement a unified standard for defense contractors.

“DOD will only accept certifications from an assessor or a CMMC Third Party Assessment Organization (C3PAO) who has been accredited for assessments by the CMMC-AB,” DOD said in a statement announcing the memo signing. DOD said it plans to open registration for these C3PAOs and assessors later this week. DOD said it is still working on which programs to pilot with CMMC requirements with requests for information on those pilots expected this summer.

*** The Public Interest Declassification Board is recommending a tech-heavy strategy to modernize, accelerate and even automate declassification of government secrets in accordance with established schedules, and the board wants to establish a new officer with cross-agency authority and responsibility to implement the new system. The recommendations are laid out in the board's June 1 report.

"The time is ripe for envisioning a new approach to classification and declassification, before the accelerating infux of classified electronic information across the government becomes completely unmanageable," the report states.

Steven Aftergood, the director of the Project on Government Secrecy at the Federation of American Scientists, was skeptical about the push.

"The report equivocates on the pivotal question of whether or not (or for how long) agencies should retain 'equity' in, or ownership of, the records they produce," Aftergood wrote in a blog post, and noted that "the hardest, most stubborn problem in classification policy has nothing to do with efficiency or productivity," but rather the criteria for classifying and declassifying information – and the mechanisms by which those decisions are made.