The Pentagon on Jan 31 released the official version 1.0 of its unified cybersecurity standard that all contractors must meet by 2026.
The standard, called the Cybersecurity Maturity Model Certification (CMMC), will apply to any company that does business with the Department of Defense, from weapons contractors protecting highly classified intellectual property to landscaping firms that service DOD installations. CMMC will apply to subcontractors as well as primes.
Under Secretary of Defense for Acquisition and Sustainment Ellen Lord told reporters during a Jan. 31 briefing that CMMC will be a “complicated rollout” and that the five-year timeline was “realistic” before making it mandatory in all contracts.
PERSPECTIVE: CMMC Is a Regulatory Time Bomb for Federal Contractors