Brenda Marie Rivers
Jim Richberg, chief information security officer of Fortinet's federal business, said he believes the concept of controlled unclassified information served as an impetus of the Department of Defense's Cybersecurity Maturity Model Certification program, FedScoop reported Wednesday.
He noted during the publication's SNG Live event that contracting firms could do self-certification to support CUI-level data stored in non-federal systems before DoD introduced the CMMC standards.
Richberg added that the CUI category works to help agencies understand federal government acronyms being used to manage sensitive information.
“If you don’t genuinely understand the sensitivity the government ascribes to a given piece or category information, it’s really hard to know how to treat it," he said.
