CMMC-AB Chairman Eyes Organizational Transition
Jeff Dalton, the newly appointed chairman of the Cybersecurity Maturity Model Certification-Accreditation Body, said the organization’s board must be restructured to become a more professional group of strategic advisers.
Dalton said in an interview with FedScoop that for the restructured CMMC-AB, members must be trained on ethics and professional board member guidelines from the National Association of Corporate Directors. He added that the organization must bring in more experienced members.
According to Dalton, the CMMC-AB right now is not a corporate board and it is time for the organization to become one. He shared that turning to a more corporate structure could eliminate some of the issues that have affected the AB since its conception in early 2020, FedScoop reported.
The Cybersecurity Maturity Model Certification program is the Department of Defense‘s framework of cybersecurity requirements for defense contractors. It requires companies working with the Pentagon to either self-assess their networks or get a third-party assessor to ensure that their networks and supply chains meet the department’s cybersecurity measures.
When the program was first established, small businesses felt that some of the requirements were too difficult to meet. When the accreditation body made adjustments in November, then CMMC-AB CEO Matthew Travis expressed concerns that there would be a shortage in demand for assessors and CMMC assessments.
Dalton shared that, since the adjustment in November, demand for CMMC assessment remained high. He also expects demand from other sectors to follow.
While demand for the guidelines is expected to grow, the new CMMC-AB chief said he is concerned with the amount of time it takes to come up with a ruling. The other concern that Dalton has involves the lack of incentives from the Pentagon to start adopting CMMC before it is required.
Dalton said companies will put themselves at greater risk the longer they wait to implement security controls in CMMC.
Tags: CMMC-AB cybersecurity Cybersecurity Maturity Model Certification Department of Defense FedScoop Jeff Dalton