February 5, 2020
The Pentagon finalized the Cybersecurity Maturity Model Certification (CMMC) on January 31st, outlining cybersecurity standards that all contractors will be required to meet by 2026. The requirements will apply to companies working with the Department of Defense in a variety of areas.
According to FCW.com, some smaller companies fear an “undue burden” in trying to meet the requirements for contracts. Under Secretary of Defense for Acquisition and Sustainment Ellen Lord explained how the change could be difficult for companies unfamiliar with defense contracts.
Another concern FCW described was the effectiveness of CMMC auditors. FCW spoke with Simone Petrella, the chief executive of workforce development company CyberVista, who expressed this concern, saying “the effectiveness of having a maturity level assigned to you is only going to be as good as the assessor who’s coming in and conducting that audit.”
The DoD is currently working to define the rules, roles, and responsibilities for itself and for the accrediting body that will conduct the audits. As soon as the DoD has the process fully smoothed out, companies will be able to apply for certification through the accrediting body. FCW says, “The CMMC certification will be good for three years; with it, companies will be able to bid on contracts across DOD and the military services.”