CMMC Spurs Cybersecurity Awareness, But Don't Sleep on Everything Else
Government Contracts attorney Eric Crusius published an article on Federal News Network looking at cybersecurity requirements across federal government agencies. He recounts an experience giving a presentation on cybersecurity requirements for contractors in 2013 to illustrate how much has changed in the last decade, including the introduction of the U.S. Department of Defense's (DOD) Cybersecurity Maturity Model Certification (CMMC) program. He explains that despite some of the frustrations with the program, it has led contractors to think more carefully about cybersecurity, which in turn benefits national security. However, he also notes that a number of agencies beyond the DOD, such as the U.S. Department of Homeland Security, have implemented or will implement their own cybersecurity requirements. Between these new regulations and existing DOD requirements, the compliance landscape for contractors is becoming more and more complex — and that, he argues, creates a regulatory regime that is incongruent and less safe. The article concludes with a call for a single standard like CMMC to be adopted across the entire government and industry.