An update on CMMC

Michael Speca, president of Ardalyst, joins host John Gilroy on this week's Federal Tech Talk to give us an update on the CMMC initiative from the Department of...

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

CMMC is a certification program for the companies that provide goods and services for the DoD. I began in 2019 and got a lot of media attention until the end of 2020. For several months, the DoD has been quiet about CMMC, and in November of 2021, we have seen a lot of activity with revisions on the initial program.

Some have called this CMMC 2.0. It has substantial changes, including going from five levels to three levels and bringing back the idea of correcting deficiencies through a Plan of Action and Milestone ability.

Some think that the initial CMMC requirements were burdensome for small companies, and the changes are a response to reactions from that community. If innovation comes from smaller companies, would CMMC security mandates remove that source of creativity?

Michael Speca is the president of Ardalyst and he joined host John Gilroy on this week’s Federal Tech Talk to give an update on the CMMC initiative from the Department of Defense.

Speca gives his opinion on the change. He has a good perspective because Ardalyst works with a wide variety of companies in compliance.

During the interview, Michael Speca talks about the changes in levels of CMMC compliance as well as the changing role of the CMMC Third Party Assessment Organizations.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories