While the Department of Defense’s (DoD) new Cybersecurity Maturity Model Certification (CMMC) program seeks to significantly improve the way its contractors store and protect sensitive data, it cannot direct industry on what actions they need to take to be CMMC compliant, said the DoD CMMC lead.
Stacy Bostjanick, CMMC director for the Office of the DoD CIO, explained that the DoD has released advisories and references to help its industry partners reach CMMC compliance…
Due to the personalized properties of an organization’s network, the department is unable to formalize a one-size-fits-all roadmap to CMMC compliance, Bostjanick explained. Industry needs to find the solutions that fit their network, while still accomplishing CMMC compliance.
“We can give you guidelines, we can give you this is what it might look like, this is what we think you should consider, but we can’t give you directions,” Bostjanick said… Read the full article here.
