A spokesperson for the Department of Defense (DOD) said DOD will “look for avenues” to lower costs associated with the Cybersecurity Maturity Model Certification (CMMC) program for small businesses while keeping CMMC’s focus on addressing supply chain risks as part of its internal review, FedScoop reported Monday.
“CMMC does recognize and understand the concerns of small businesses and fully anticipate the majority of these companies to only require CMMC Level 1 which are the requirements that have been laid out under FAR 52.204-21 released in 2016,” the DOD spokesperson told the publication.
DOD’s statement comes after small enterprises raised concerns over the CMMC program during a House Committee on Small Business subcommittee hearing Thursday.
“The CMMC Program Office greatly appreciates the perspectives presented at the hearing and has taken this information seriously,” the spokesperson noted.
The Pentagon spokesperson said the internal review seeks to come up with a public media campaign to spread information about the CMMC program.
Potomac Officers Club (POC), the leading membership organization dedicated to connecting and empowering executives within the government contracting (GovCon) community, hosted its 2021 CMMC Forum on Wednesday, June 16th.
The Forum also hosted an expert panel moderated by Michael Baker of General Dynamics Information Technology (GDIT), featuring Karlton Johnson of the CMMC Accreditation Body, Ron Lear of ISACA-CMMI Institute, Jeffery Miller of Accenture Federal Service and Armando Seay of Maryland Innovation and Security Institute.