DOD to Incentivize Contractor Cybersecurity Efforts Ahead of CMMC 2.0
The Department of Defense is looking to incentivize network security improvement efforts among contractors to ensure that their cyber defenses are up to snuff even before the revamped Cybersecurity Maturity Model Certification program takes effect.
CMMC 2.0 implementation could take between nine and 24 months because of the rulemaking process, according to officials. Until then, the DOD is considering incentives, including financial rewards, Federal News Network reported.
Stacy Bostjanick, director of CMMC policy within the Office of the Under Secretary of Acquisition and Sustainment, said contractors could garner a higher profit margin if they can demonstrate that their networks are secure.
“Another area that we’re looking at is increasing the use of evaluation criteria for contracts where it doesn’t necessarily have to be a CMMC certification, but we will assess people’s network security as part of a source selection evaluation,” Bostjanick told attendees at a conference hosted by the Coalition for Government Procurement.
As part of the incentive effort, the DOD will also encourage companies to undergo evaluations conducted by certified CMMC third-party assessment organizations (C3PAOs).
Redspin, the inaugural C3PAO, reported nearly $400,000 in multiple new client agreements for CMMC readiness and assessment services in September, two months before the new rules for CMMC were announced. At the time, Redspin said defense contractors were eager to secure services from authorized vendors due to the limited number of C3PAOs in the marketplace.