CMMC: What does it mean to government contractors?
This week on Off the Shelf, Tom Voshell, vice president, Federal Program Office at Coupa Software provides his insights and analysis regarding data management and cyber security with a focus on the Department of Defense’s upcoming release/implementation of an updated version of its Cybersecurity Maturity Model Certification (CMMC 2.0).
Voshell discusses the underlying DFARs provisions and NIST 800-171 standard and controlled unclassified information (CUI). He lays out the process, applicability and management considerations for contractors and subcontractors who will be subject to CMMC.
Voshell also gives his thoughts on the new software attestation form, the recently released DHS cybersecurity regulations, and FedRAMP.