The Department of Defense's Cybersecurity Maturity Model Certification initiative will ultimately impact every corner of the federal contracting community. DOD's goal is to have every contractor in its supply chain certified, and civilian agencies are expected to follow suit -- so few firms can afford to ignore CMMC's planned requirements and implications.
This far-reaching security framework is still in the very early stages of development -- accreditation standards for the third-party CMMC auditors is not yet finalized, and the multi-level security requirements themselves are still being refined. Yet the first solicitations to require CMMC are expected this fiscal year, so it's essential to understand the rapid evolution of this initiative.
At this Washington Technology Power Breakfast we heard from DOD officials, members of the CMMC accreditation body and other key stakeholders discuss this critical issue. Topics discussed included:
- The different levels of CMMC
- Feedback on the final framework
- Where to expect the first "CMMC contracts"
- What to look for in an auditor
- What will be required of small business
- The cost of compliance and contract pricing implications