The Defense Department’s Cybersecurity Maturity Model Certification (CMMC) program, a framework to evaluate security in the defense supply chain, has its first third-party assessor. Redspin will be the first company that other companies can use to verify their compliance with CMMC standards.
- Bob Bigman, former chief information security officer of the Central Intelligence Agency and founder of 2BSecure, said the news is the “first step on a long, long path” that could take 10-15 years.
- Bigman said the time required is due to the high number of defense contractors – about 300,000 – and the detailed analysis involved in the audits.
- Bigman suggested automating compliance testing, similar to measures other countries have taken.