An update on CMMC

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

CMMC is a certification program for the companies that provide goods and services for the DoD. I began in 2019 and got a lot of media attention until the end of 2020. For several months, the DoD has been quiet about CMMC, and in November of 2021, we have seen a lot of activity with revisions on the initial program.

Some have called this CMMC 2.0. It has substantial changes, including going from five levels to three levels and bringing back the idea of correcting deficiencies through a Plan of Action and Milestone ability.

Some think that the initial CMMC requirements were burdensome for small companies, and the changes are a response to reactions from that community. If innovation comes from smaller companies, would CMMC security mandates remove that source of creativity?

Michael Speca is the president of Ardalyst and he joined host John Gilroy on this week’s Federal Tech Talk to give an update on the CMMC initiative from the Department of Defense.

Speca gives his opinion on the change. He has a good perspective because Ardalyst works with a wide variety of companies in compliance.

During the interview, Michael Speca talks about the changes in levels of CMMC compliance as well as the changing role of the CMMC Third Party Assessment Organizations.


Federal Tech Talk

TUESDAYS at 1:00 P.M.

Host John Gilroy of The Oakmont Group speaks the language of federal CISOs, CIOs and CTOs, and gets into the specifics for government IT systems integrators. Follow John on Twitter. Subscribe on Apple Podcasts or Podcast One.