Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.
CMMC is a certification program for the companies that provide goods and services for the DoD. I began in 2019 and got a lot of media attention until the end of 2020. For several months, the DoD has been quiet about CMMC, and in November of 2021, we have seen a lot of activity with revisions on the initial program.
Some have called this CMMC 2.0. It has substantial changes, including going from five levels to three levels and bringing back the idea of correcting deficiencies through a Plan of Action and Milestone ability.
Some think that the initial CMMC requirements were burdensome for small companies, and the changes are a response to reactions from that community. If innovation comes from smaller companies, would CMMC security mandates remove that source of creativity?