December 7, 2023
In Calvinball, the rules were always changing. The DoD’s Cybersecurity Maturity Model Certification (CMMC) increasingly resembles that game from Bill Watterson’s masterpiece, Calvin and Hobbes.
Today’s interview is with Dr. Amy Williams from Coalfire Federal. She has years of experience in the nuances of CMMC and a strong academic background that lets her understand complex topics and present them clearly.
Amy begins the interview by describing the range of effort companies have put into CMMC compliance. Some companies have invested thousands of hours in preparing for this rigorous compliance. On the other hand, some organizations do not realize it could be a twenty-four-month process, and if they delay starting, they could compromise future business.
One of the main takeaways from the interview is the timeline on CMMC that Coalfire Federal provides. It has been a circuitous route: the DoD was vociferous about the program, then went through a mysterious quiet period, and then released more details on CMMC.
Dr. Amy Williams observes that companies should know what is essential and what is superfluous at the varying levels of CMMC. Many defense contractors are already working 10-hour days without the burden of CMMC compliance. In order not to waste time, a framework is given as to when a company should consider using a consultant and when to bring the compliance work in-house.
The episode ends on an optimistic note – it was observed that the baseline of compliance, a mere seventeen controls, is basic cybersecurity for any modern company. These include elements like multifactor authentication and understanding where important documents are located on your network.
John Gilroy appeared on National Public Radio in Washington DC for 25 years. He wrote 523 technology columns for The Washington Post. Currently, John is an award-winning lecturer at Georgetown University. Forgot to mention — he has recorded over 1,000 podcast interviews.