CMMC 1.0: Insights & applications

In the technology community everyone talks about disruption. Well, there has been some disruption in the acquisition community at the DoD as well: it is called the Cybersecurity Maturity Model Certification (CMMC).

Ralph Kahn is the vice president of federal at Tanium and he brings his expertise to the studio to unpack CMMC for technology companies. One can agree with the number of controls at each level of CMMC; however, there are concerns about the ambitious deadline for accommodating these mandates. The aggressive launch dates may leave some companies unable to comply in time.

Ralph Kahn, vice president, Federal, Tanium

Another concern is the fact that compliance is expensive, and some worry that larger contractors will have an advantage in being able to show compliance because of a larger resource base to draw from.

If the government wants innovation to save money and improve systems, the theory goes that innovation comes from risk-taking smaller companies. If that is the case, will creating new solutions to DoD problems be put on the back burner because the monoliths have gotten all the certifications?

During the interview, Kahn brought out some practical concerns as well. For example, how does CMMC deal with new cyber threats? What about re-certification?