In the U.S. government’s quest to secure the nation’s supply chain amid ongoing shortages and rising security concerns, the Defense Department announced amendments to its existing Cybersecurity Maturity Model Certification scheme. Announced in November 2021, CMMC 2.0 makes crucial changes to the maturity model’s structure to make certification more accessible and defenses more effective for contractors in the Defense Industrial Base. These changes include a complete restructuring of CMMC’s maturity levels by eliminating two of the original five ratings, improved assessment protocols that reduce costs for contractors, and the introduction of a more flexible path to certification through Plans of Action & Milestones (POA&Ms).
While small and mid-size contractors might find it tempting to take a wait-and-see approach to adjusting their internal protocols, acting sooner rather than later can yield benefits to DIB contractors of all sizes and in all sectors…
In addition to safeguarding contracts, complying with security protocols can help protect a business’s assets. Experts can argue all day about whether CMMC 2.0 goes far enough to adequately protect data (and potentially infrastructure) from cyberattacks. However, we can all agree that doing something is better than doing nothing.
The fact is that maturing cybersecurity programs is a good thing for businesses, period. Better security means more protection for assets and information. After all, the financial repercussions of a cyberattack are often far more significant than the cost of implementing better security practices. Many smaller contractors don’t have the resources to take on those costs and stay afloat…