Officials at the Defense Information Systems Agency don’t know whether forthcoming vendor cybersecurity standards will shrink the pool of contractors that qualify for critical tech projects.
In January, the Pentagon plans to publish the final version of the Cybersecurity Maturity Model Certification, or CMMC. Under the framework, companies would have their cyber practices graded on a scale of one to five, and procurement officials would use the rating to determine which vendors are eligible for certain contracts, with more sensitive projects requiring more stringent security standards.