A group of several technology company alliances – representing over 100 companies – warn that the DoD’s Cybersecurity Maturity Model Certification initiative could have the opposite of its desired effect, and create security risks. They argue that current implementation plans “lack sufficient clarity and predictability in key areas, and as a result may unnecessarily generate confusion, delay and associated costs.”
Pentagon officials say they are moving slowly, and with “irreversible momentum,” stressing that the CMMC won’t be fully implemented until 2026. But they recently noted the coronavirus pandemic won’t affect their implementation timeline, which involves including CMMC requirements in 10 “pathfinder” Requests for Information this year.
