The Pentagon’s new Cybersecurity Maturity Model Certification requirements are raising concerns about how defense contractors will implement those standards when details are missing on how contractors can get audited and certified.
Through various drafts of the plan, the department slashed requirements and beefed up associated guidance that will be especially welcomed by smaller companies and nontraditional defense contractors, McCarter & English LLP’s government contracts practice co-chair Alexander Major said.
“Some can look at it, especially the more advanced contractors, and see it as somewhat patronizing, but I think that’s actually super helpful — baby step me through the process, don’t make assumptions on what I’m doing if you’re not actually telling me what to do,” said Major, who focuses a significant part of his practice on cybersecurity requirements in federal procurement.