The Cybersecurity Maturity Model Certification (CMMC) program has an update to reduce and streamline the system. Those changes could have big impacts for federal contractors.
- Eric Crusius, partner at Holland & Knight, said CMMC 2.0 is good news for contractors in that new self-certification measures could lower costs and there is more reliance on existing requirements.
- Crusius said C-suite leaders now have to annually certify that companies are compliant with the requirements, leaving companies to take on some of the risk that would have been passed on to a third party before.
- He said contractors should prepare their systems and make sure certifications are consistent.