During a discussion with NextGov, stakeholers in DoD’s Cybersecurity Maturity Model Certification program discuss next steps and how the program will change DoD’s cyber environment. The CMMC, the Defense Department’s plan to subject its suppliers to independent cybersecurity audits, has implications far beyond the defense industrial base. Katie Arrington, CISO for DoD’s acquisition office and head of the program, says that its adoption or replication across the federal government and the broader U.S. economy is inevitable.
