It’s a huge change initiative, the CMMC programme. One may say that it could be one of the biggest cyber security undertakings that any Governmental or private sector agency has undertaken globally.
This article balances the challenges and opportunities which CMMC presents and needs to address. Should the CMMC be a big bang, or a phased approach bringing companies up a level at a time. Should the DoD start by enforcing existing DFARS requirements. Will CMMC allow for fair competition? Allot has been done so far, with allot more to do.
It is clear that cyber security is required across the DIB and that CMMC provides the framework to deliver it. As with all complex programmes the devil is in the detail.