Carol Collins
Matthew Travis, CEO of the Cybersecurity Maturity Model Certification Accreditation Body, said placing the first two third-party assessment organizations into the CMMC marketplace means the Defense Department-initiated program has begun moving through the gears after more than one year of planning and discussion among stakeholders.
In a Government Matters interview posted Sunday, he noted that both CMMC-AB and DOD will work in the coming weeks to help the authorized C3PAOs prepare to begin assessments of vendors that want to achieve CMMC compliance.
The accreditation body cleared Redspin and Kratos Defense and Security Solutions in June to provide cyber readiness audit services to the defense industrial base.
Travis said that CMMC-AB aims to make the certification process understandable, accessible and transparent for interested contractors.
He describes the program as a basic cybersecurity standard meant to help companies secure not only critical information in DOD systems but also protect themselves from cyber threats.
“When you look at those cyber threat actors … their tactics, techniques and procedures are certainly getting better but what’s frustrating is that we’re leaving the front door, the side door open because we’re not taking those basic cyber hygiene measures,” Travis added.
If you’re interested in supply chain cybersecurity, then check out ExecutiveBiz’s virtual event coming up on Oct. 26. Visit the EBiz GovCon Event page to register.
