CMMC 2.0 – Current State of Affairs
In this episode Neal Beggan, leader of Cherry Bekaert’s Risk Advisory Services and a Principal in Cherry Bekaert’s Information Assurance & Cybersecurity Practice, selected as one of the first Provisional Assessors nationwide by the CMMC Accreditation Body, and Eric Poppe, a senior manager in the Firm’s Government Contractor Services Group, discuss the current state of the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) 2.0 program and share insights on what contractors and subcontractors in the defense industrial base (DIB) should be doing now to prepare.
Discussion includes:
- The Pentagon’s shift of responsibility for the CMMC program to the DoD CIO
- Change in leadership at the CMMC Accreditation Body
- Debunking some of the rumors around the CMMC 2.0 rollout, including:
- DoD’s rollback on the number of companies who would have been allowed to self-attest, increasing the number of contractors that may require a third-party assessment
- The expected length of the rulemaking process and when the actual requirements will be incorporated into procurements
- The Government Accountability Office (GAO) report on the CMMC rollout
- What companies should be doing now to prepare for CMMC
- Incentives being considered by DoD to encourage early adoption of certification
If you haven’t already, catch up on Cherry’s Bekaert’s previous guidance on CMMC 2.0:
- On-demand webinar: CMMC 2.0 Brings Major Program Changes
- Podcast: CMMC 2.0 Brings Major Program Changes
If you have any questions regarding CMMC, Cherry Bekaert’s Risk Advisory and GovCon Consultants are available to discuss your situation with you.