By Fiscal Year 2026, every contractor seeking to do business with the Department of Defense (DoD) will be required to have at least a Level 1 Cybersecurity Maturity Model Certification (CMMC), Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, said Feb. 3.
DoD plans on rolling out 15 prime contracts including the CMMC requirement this year and scales up gradually, topping at 479 contracts in both Fiscal Year 2024 and 2025. Those plans take into account up to around 100 unique sub-contractors on each prime contract, meaning the plan is to have 1,500 CMMC accredited contractors by the end of Fiscal Year 2021, which ends Sept. 30.
“CMMC is coming to a company or a program near you,” Arrington said at Washington Technology’s CMMC webinar Feb. 3. “This is not a checklist…Technology is something that is really great, but you need to understand the risk-reduction strategies associated with it.”
Continue reading at: MeriTalk
You can find GTPAC guidance on CMMC here: https://gtpac.org/cybersecurity-training-video/