CMMC: Transitioning to the new requirements

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne

This week on Federal Tech Talk, host John Gilroy interviewed FedHIVE CEO Michael Cardaci, who talked about ways to smooth the transition to a new set of requirements from the Defense Department called the Cybersecurity Maturity Model Certification, or CMMC.

Michael Cardaci, CEO, FedHIVE

Everyone knows that DoD gets thousands of attacks a every day. These attacks are getting more creative by attacking the trusted supply chain for maintenance of some software products. The SolarWinds incident is an example of how a trusted software supplier was shown to have been compromised.

To control some of these creative attacks, DoD has created a program that companies who do business will have to show the basic preventative measures that take to deal securely with the Pentagon.

During the interview, Cardaci listed some suggestions for getting ready for an CMMC audit. He also showed listeners that the CMMC guidelines are being applied to organizations outside the military. Recently, people from the General Services Administration, Department of Homeland Security, and Transportation Security Administration have made statements that they will be modifying acquisition to include CMMC guidelines as well.

It seems obvious that the security guideline recommended by CMMC compliance are being welcomed by a wide segment of federal information technology professionals.

Related Stories


Federal Tech Talk

TUESDAYS at 1:00 P.M.

Host John Gilroy of The Oakmont Group speaks the language of federal CISOs, CIOs and CTOs, and gets into the specifics for government IT systems integrators. Follow John on Twitter. Subscribe on Apple Podcasts or Podcast One.

Sign up for breaking news alerts