Contractors will soon have to get cyber certified to do business with DoD, but there is early concern that the Cybersecurity Maturity Model Certification (CMMC) framework would hinder DoD’s efforts to leverage startups. McCarter partners Alexander Major and Franklin Turner say that the rules may have a negative impact on small businesses and startups.
“This is the first, quasi-granular look at the standards that are actually going to be required of contractors,” Franklin said. “I think it tells contractors they need to get moving because…it’s going to be a standard that’s going to be incorporated into solicitations within the next year, ideally, if [DoD] is true to its word.”
“The DoD really needs to find a dynamic standard that it expects its contractors to meet,” Alex said. “This isn’t an easy problem to fix, but there needs to be a standard, and changing it every one to two years is not helpful to anyone.”