Any supplier or contractor that wishes to work with the Department of Defense (DoD) must soon comply with the Cybersecurity Maturity Model Certification (CMMC). The CMMC is a set of security standards for cybersecurity that DOD contractors must satisfy. Unlike previous cybersecurity benchmarks, a third-party audit is necessary to obtain CMMC certification. So what does that mean?
Bill Solms, QOMPLX President and General Manager, Government Solutions Division. Solms and Chip Lilliewood, Vice President of Government Programs and Channels with Dun & Bradstreet, sat down with SupplyChainBrain to discuss the CMMC. Their conversation can be seen in ‘Meeting DOD’s New Cybersecurity Rules for Contractors.’
First, CMMC will add cybersecurity “rigor to the process,” said Solms. Among other things, DoD auditors are looking for evidence of “insufficient security controls on your data: how it’s stored, how it’s segregated, how it’s managed. These are the things that make a company vulnerable to an outside intrusion,” says Solms.
In the conversation, Bill and Chip discuss the framework of the CMMC, what the DoD is looking for, and how third-parties are chosen for audits. Watch the full video and read the article at supplychainbrain.com.