Todd Overman of Bass Berry & Sims writes about the Defense Department’s push to overhaul cybersecurity requirements with a new Cybersecurity Maturity Model Certification program, to be implemented in the fall of 2020.
Contractors generally welcome the unified and modernized approach to cybersecurity, but because there are many questions left unanswered since the initial drafts released in May and in September, there are concerns among some that the perceived rush is creating undue stress and confusion.
One challenge is the need to certify an estimated 300,000 contractors through third-party auditors. The Pentagon only recently called for nonprofits to express interest in conducting oversight on those auditors, and it will take time for any interested nonprofits to get started – which will be even further delayed if any related contract is protested.