tilialucida | Shutterstock

The CMMC Accreditation Body is deliberating over a partner to continuously monitor contractors’ cybersecurity posture, and sympathizes with industry leaders who are hoping a light-touch approach will win. Certification must be renewed every three years, a time period in which a company’s leadership and operations could experience “complete changeover,” thereby rendering the original assessment meaningless, commented CMMC AB board member Chris Golden in a recent webinar. A continuous monitoring system – such as that offered by SecurityScorecard, which hosted the event – might offer a way to assure compliance with standards between certifications.

More at NextGov