The Department of Defense is looking for a body to audit companies for its new Cybersecurity Maturity Model Certification. Any company that wishes to do business with DoD will have to pass its examinations. Ari Schwartz, managing director of cybersecurity services at Venable, says that much of the certification is based on NIST work, and that companies should look to that work as an example when preparing.
“The way that these assessments work and audits work is it’s a conversation. It is similar to a financial audit in some ways but it’s really a: What are the policies, what do you have in place, how do you go about doing this? How does it map to what the levels are that are set out here?” Schwartz said. “If you look at some of the NIST work that is done in this space, that’s really the key. If you can meet those controls, you will generally be okay on the other side.”