DOD CIO Hopes to Increase Engagement With Small Business on CMMC
Department of Defense Chief Information Officer John Sherman said at an event hosted by AFCEA that he plans to focus on engaging with small and medium-sized businesses in connection with the Cybersecurity Maturity Model Certification program.
Sherman, a speaker at an upcoming Potomac Officers Club event and a 2022 Wash100 winner, said he also wants to provide clarity on the program’s requirements, Breaking Defense reported Wednesday.
The CIO added that enhanced cybersecurity in the defense industry will ultimately benefit warfighters, allowing them to maintain an information and technology advantage.
Sherman said he is also seeking feedback from small and medium businesses on how CMMC is affecting them. The DOD previously committed to reducing the program’s financial burden on smaller businesses.
The DOD revamped the rules of the CMMC program in late 2021, consolidating its five security levels down to three. The move was aimed at lowering barriers to compliance, especially for businesses only seeking the lowest clearance level.
Under CMMC 2.0, companies may secure Level 1 certification by conducting annual self-assessments. Higher clearance levels require external audits by certified third-party assessment organizations or by a DOD team.
Deputy Defense Secretary Kathleen Hicks, a two-time Wash100 winner, recently transferred the CMMC program under the purview of Sherman’s office. CMMC used to be managed by the office previously led by Katie Arrington, a speaker at a past POC event.