Background
The rollout of the Cybersecurity Maturity Model Certification (CMMC) as a mandatory contract requirement for government contractors working with the Department of Defense (DoD) is an enormous undertaking involving government, a newly established non-profit, many independent assessors who need to be accredited, and up to 300,000 firms in the Defense Industrial Base. The CMMC Version 1.0 model was published on 1/31/2020 and, separately, the non-profit independent CMMC Accreditation Board (CMMC AB) was established.
Impact of COVID-19 on CMMC Schedule
Given the rapid and unanticipated impact of Coronavirus/COVID-19, there are now questions from many industry observers whether this demanding and aggressive schedule can now be accomplished.
Katie Arrington, the Chief Information Security Officer for the DoD’s acquisition office and who leads the CMMC effort for the DoD, is very active providing briefings on status and progress. Katie maintains that the DoD intends to stay on schedule while respecting health concerns and to do that, will turn to do more remote training via webinars. In a recent webcast, Katie was adamant that training of assessors will occur by June and RFIs with CMMC requirements are still expected to come out in June 2020 as well.
Written by Richard Hayden. Richard Hayden leads Industry & Community Relations at Unanet. He has 30 years experience of product marketing for enterprise software companies in the USA and Europe.
You can read the full blog post on Unanet.com.