It has been more than two years since the Defense Department first rolled out the Cybersecurity Maturity Model Certification. The basic premise of CMMC is that all contractors and subcontractors in DoD’s supply chain, with the exception of commercial off-the-shelf product providers, would have to obtain a third-party certification of their cybersecurity proficiency before performing an awarded contract.
From the time of the rollout, a lot of significant work has been accomplished by DoD and its industry partners: a detailed cybersecurity hygiene model was rolled out, the accreditation body (AB) was established, training was created and, seven contracts were identified as the first DoD contracts that would require CMMC. Further, numerous providers have undergone the time and expense to become a registered provider or certified assessor in the AB ecosystem. Contractors have also spent significant funds to review their systems against the CMMC model to prepare for certification.
The establishment of CMMC was for good reason: Cybersecurity threats are increasing and growing more sophisticated and DoD has compelling evidence that contractor compliance with existing cybersecurity self-certifications is deficient. The specter of CMMC as a future requirement in all DoD contracts, coupled with near-term requirements for Supplier Performance Risk System (SPRS) score reporting, has gotten the attention of many Defense industrial base (DIB) members. They are taking a hard look at...
Read Full Story: https://federalnewsnetwork.com/commentary/2021/08/the-future-of-cmmc-is-here/
Your content is great. However, if any of the content contained herein violates any rights of yours, including those of copyright, please contact us immediately by e-mail at media[@]kissrpr.com.