The Defense Department expects that by June 2020, industry will see cybersecurity requirements included as part of new requests for information, which typically serve as one of the first steps in the awarding of new defense contracts.
Ellen Lord, the undersecretary of defense for acquisition and sustainment, said the new cybersecurity maturity model certification program is a critical part of ensuring that companies hoping to do business with the department meet important cybersecurity requirements.
“The cybersecurity maturity model certification, or CMMC program, establishes security as the foundation to acquisition and combines the various cybersecurity standards into one unified standard to secure the DOD supply chain,” Lord said.