The Department of Defense (DoD) has taken another step towards definitizing the cybersecurity requirements applicable to all of its contractors beginning in 2020, in the form of Cybersecurity Maturity Model Certification (CMMC). The CMMC could be a positive step towards developing a unified standard for defense contractor cybersecurity, but it is critical that industry stakeholders provide substantive feedback on the various practices and processes the current draft proposes to ensure they are practicable, likely to produce the desired effects, and clearly articulate DoD’s expectations. Furthermore, the benefit to contractors of such a unified standard will be necessarily bounded unless and until the civilian agencies undertake a similar effort to streamline cybersecurity requirements. DoD is accepting comments on this iteration of the CMMC before September 25, 2019, and intends to provide another draft for public comment in November 2019.
Read the full post at Arnold & Porter
