A few weeks ago, details of the assessment and certification processes under DoD’s Cybersecurity Maturity Model Certification program either leaked or were mistakenly made public, prompting analysis of the information. “The two questions that came to my mind when I looked at where we are: Why are they rushing? Are they making this too complex?” said Bill Solms of QOMPLX, which is partnering with Dunn & Bradstreet to help companies prepare for the CMMC audit. Solms concedes that “you can’t blame DoD for wanting to roll this out fast. On the other hand, you have industry saying this is coming fast and there is uncertainty. It’s not clear there will be time to iron out the wrinkles.”
