The Department of Defense will soon require companies to have adequate cybersecurity practices before bidding on contracts. The Pentagon’s Cybersecurity Maturity Model Certification is quickly gaining traction, and contractors are aiming to receive it as soon as possible. The National Defense Industrial Association recently surveyed contractors of all sizes about their thoughts on the new credential. Corbin Evans, director of Regulatory Policy at NDIA, says that all have concerns about the new system.
“People are concerned, our smallest companies are certainly concerned because of their flexibility and ability to pay for and absorb these costs associated with complying with the program. They are really worried about that,” Evans said. “And then the larger companies are certainly worried about… they have these large ecosystems in which they conduct business. How will that exactly operate within the CMMC system they have? Will they have separate certifications or company-wide certifications? Obviously, that has cost implications as well.”