CMMC rules present difficulty for small suppliers
“We’ve been involved in some processes where we’re trying to get the government to give people a little bit of leeway, and they’ve been unyielding on it,” Avatara CEO says.
It’s here, it’s real, and it’s not necessarily your friend.
That’s how some smaller suppliers are treating the Department of Defense (DOD) Cybersecurity Maturity Model Certification (CMMC) requirements. Enforcement is now tied to the outcome of third-party cybersecurity audits—prior to the new rule change, companies were expected to self-assess compliance—which has boosted the difficulty of meeting security standards.
According to Rob McCormick, CEO of cloud computing company Avatara, there’s little chance that the federal government will bend on the requirements, making compliance a necessity to win and fulfill government defense contracts.