The CMMC Accreditation Body is deliberating over a partner to continuously monitor contractors’ cybersecurity posture, and sympathizes with industry leaders who are hoping a light-touch approach will win. Certification must be renewed every three years, a time period in which a company’s leadership and operations could experience “complete changeover,” thereby rendering the original assessment meaningless, commented CMMC AB board member Chris Golden in a recent webinar. A continuous monitoring system – such as that offered by SecurityScorecard, which hosted the event – might offer a way to assure compliance with standards between certifications.
CMMC Official Backs Light-touch Option for Continuous Monitoring of Defense Contractors’ Cybersecurity
