What can you do now to prepare for CMMC?

Gettyimages.com/athima tongloom

In the first of a series of videos, we talk to informed observers about what contractors should be doing ahead of the release of the CMMC draft rule and how they should approach what promises to be a massive and complex document for this new cybersecurity standard.

As we all anxiously await the release of the Cybersecurity Maturity Model Certification draft rule, Washington Technology has launched a series of interviews with experts across the cybersecurity spectrum.

CMMC is the Defense Department’s effort to move industry away from self-attestations that they are protecting controlled but unclassified data on industry networks. That new standard will require a network of third-party assessors, who will verify that contractors are complying with the National Institute of Standards and Technology Standard 800-171.

Episode 1 is out and features my conversations with Cyber AB CEO Matt Travis and Bob Metzger, head of the Washington office for the law firm Rogers Joseph O'Donnell.

Cyber AB has built the ecosystem to provide the assessments and certifications company need for CMMC certification. Cyber AB also is our partner in producing these video programs.

In this first episode, we discuss about how contractors should prepare for the release of the draft rule.

One of the standout quotes is from Metzger:

“What we are going to see is something that will be big, could be laborious, it will be complicated. It may seem frustrating or opaque or irritating or alarming at various places. [But] It is important for companies to look at the whole of it. To make sure they recall the context of why this is being done: to protect us against adversarial theft of valuable defense information.”

To watch my interview with Travis and Metzger, follow this link.

Upcoming episodes will look at small business challenges and revisions to NIST 800-171.