It’s a new year — and a new cybersecurity regime for vendors working on defense contracts is coming.
The Defense Department has been steadily working on its new unified standard, the Cybersecurity Maturity Model Certification (CMMC), and is expected to release a final version and a list of accrediting bodies in January. But while companies shouldn’t wait until things are finalized to prep for certification, many are stuck.
“CMMC is going to be law of the land,” Corbin Evans, the director of regulatory policy for the National Defense Industrial Association, told Defense Systems, yet “folks are a little hesitant to make any major moves.”
Continue reading at: Defense Systems