Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.
One of the reasons the Cybersecurity Maturity Model Certification (CMMC) program was promulgated was the fact the Pentagon does not manufacture anything. They rely on 300,000 suppliers to provide them everything from software applications to tires.
The bad news: many of these companies can have weak cybersecurity practices. It can be a financial burden to comply with some of the new CMMC requirements. This is also true in intermediate sized companies. Some will argue that large contractors already have lawyers and compliance professionals on staff who can accommodate the technical requests that gives them an advantage.
Michael Speca is the president and Josh O’Sullivan is the chief technology officer at Ardalyst. They joined host John Gilroy on this week’s Federal Tech Talk to talk about CMMC and small business. During the interview, Speca talked about the strengths and weaknesses of CMMC on the Microsoft platform. They argue that smaller organizations can leverage the millions of dollars that Microsoft puts into cybersecurity each year.
O’Sullivan evaluates some of the impact of COVID-19 on preparing for CMMC. Because of his technical background, O’Sullivan runs through some CMMC considerations like IoT, hybrid cloud, proprietary apps, and legacy applications.
What good is a new regulation without a little controversy? Not all sunshine and roses with CMMC. The interview ends with a response to AT&T’s Frank Kendall’s comments about CMMC.