Stacy Bostjanick, director of the CMMC policy office and the Under Secretary of Defense for Acquisition and Sustainment, cautioned vendors to be wary of companies falsely claiming they can get other vendors certified under the new Cybersecurity Maturity Model Certification. She said the accreditation body, which is independent of DoD, is considering sending “cease and desist” letters to any company saying they can get another vendor certified under CMMC.
Bostjanick also said that civilian agencies and U.S. allies including Canada, Sweden, and the UK are paying attention to how DoD rolls out the program. “They are all watching to see if we fall on our face or not,” she remarked. “If we roll this out and make it work, they have indicated they will adopt CMMC as well.”
