Lawrence Prosen was quoted in a Law360 article discussing the U.S. Department of Defense’s decision to suspend the Phase 2 requirements of its Cybersecurity Maturity Model Certification (CMMC) program and the uncertainty surrounding the future of cybersecurity compliance requirements for defense contractors.
Addressing potential changes to the program following the Department of Defense’s 60-day review, Larry suggested that stakeholders may advocate for a more targeted approach to third-party certification requirements. He stated “I could see ... stakeholders come in and say, you've really painted with too broad of a brush here. We think that the self-certification, that's fine, and we can do that under the step one scenario. Step two and three, those should be more limited to parties perhaps with secure contracts.”
To read the full article, click here (subscription required).