By: Paul Hawkins and Jake Noe
For quite some time, the Cybersecurity Maturity Model Certification (CMMC) program has been a major focus for DoD contractors, and a mainstay topic of conversation at conferences, networking events, panel discussions, and the like. Everyone agrees on the critical need to protect sensitive unclassified information from adversaries targeting the defense industrial base (DIB). While cybersecurity compliance is nothing new (contractors have been subject to the DFARS cybersecurity and reporting requirement for years), CMMC aimed to introduce a standardized and more tailored approach, making a company's assessed cybersecurity maturity a prerequisite for new contracts, moving away from a one-size-fits-all model. However, the implementation of these requirements has been inconsistent, leaving many contractors uncertain about their next steps and what to expect from future contracts. |