The Department of Defense's Cybersecurity Maturity Model Certification (CMMC) is on the horizon and companies in the defense supply chain have many questions. In this video podcast, Nick DeLena and Scott Goodwin from DGC’s IT Risk Assurance & Advisory practice are here to tell us if these five statements about CMMC are true or false, and share their insights:

1. CMMC will directly impact your ability to do business in the defense supply chain
2. CMMC is just a project for the IT Department
3. Reviewing your NIST 800-171 implementation is critical
4. CMMC will not be retroactive on contracts
5. There are five levels of CMMC certification and everyone must reach all five levels

For additional CMMC resources, visit our CMMC Insights Center page. DGC's IT Risk Assurance & Advisory Practice can help you achieve compliance with the CMMC. We are actively engaged with our clients across all areas of the CMMC framework including gap assessments, self-assessments, and both SSP and PoAM development.

If you have questions about who is impacted by the CMMC standards and what the compliance and certification process looks like, please contact a member of your DGC client service team or Nick DeLena, CISSP, CISA, CRISC, CDPSE at 781-937-5191 / ndelena@dgccpa.com or Scott Goodwin, OSCP, OSWP at 781-937-5722 / sgoodwin@dgccpa.com.

If you would like to get alerts and insights like this sent directly to your inbox, sign up here.