The Cybersecurity Maturity Model Certification will form the basis of the Pentagon’s contracting criteria for years to come, and the first contracts requiring the certification are due out later this year. Richard Spires, CEO of Learning Tree International, says that the agency’s timeline might be too ambitious.
“According to DoD, they are going to start rolling out RFIs and RFPs later this year that are going to have these requirements in them. There’s not a lot to start with, so I think the large organizations are going to be all over this,” Spires said. “By the way, it is the right thing to do. I mean, long term, when you look at major breaches, you look at the OPM data breach, the Target breach. A lot of breaches happen because of the supplier network. The contractors that are supporting the entity, they get compromised and they’ve got access to the parent systems. So, you need to look at the ecosystem. I absolutely applaud the DoD for the move they are making. I’m just worried about how large this journey is going to be.”