That evolution is the arrival of the Cybersecurity Maturity Model Certification, more commonly abbreviated as CMMC. CMMC is a new standard for cybersecurity that the U.S. Defense Department is rolling out to defense contractors, requiring companies to enforce new oversight across their operations and down their supply chains.
The Defense Department’s goal is to make CMMC a standard clause for all defense contracts by 2026, including higher education institutions that do government-sponsored defense research; and professional services firms that provide consulting to the Defense Department.
Even if you are not a prime defense contractor, CMMC is still likely to join your list of compliance obligations sometime soon.
Continue reading at: Risk & Compliance Matters