Cybersecurity Maturity Model Certification (CMMC). Challenges and opportunities for contractors in complying with the US DoDs requirements
It won’t be long before the draft DFARS text for the US DoD CMMC programme is released for public consultation. Whilst no one knows what it will say, the MoU between the Department of Defence and the CMMC AB is in the public domain. The first round of training for CMMC provisional assessors has taken place and deployment of the standard is widely discussed in the US.
For international contractors the standard will have a profound effect on how trade, specifically procurement takes place with the US. Whilst the first phase of CMMC regulation is firmly focused upon the Department of Defence, other Federal Agencies have added CMMC requirements into their own procurement requirements. It is expected that it will gain momentum over the coming months and CMMC requirements will make their way into procurement policies.
We have written the enclosed paper to outline the history of CMMC and some of the opportunities and potential issues which companies will face, as the model is deployed.