Scott Singer, President of CyberNINES, was quoted by a reporter from Bloomberg about the Department of Defense’s (DoD) new cybersecurity requirement and its impact on the small and medium-sized businesses. Singer recently testified before the House Small Business Committee on recommendations for making the Cybersecurity Maturity Model Certification (CMMC) compliance attainable for DoD’s small business suppliers, expressed his concerns about the insufficient number of approved Certified 3rd Party Assessment Organizations (C3PAOs) to satisfy the need to certify the defense contractors by the 2025 deadline. There is a need for roughly 8,000 C3PAOs to certify 300,000 companies in the Defense Industrial Base (DIB).
The CMMC framework was designed by the DoD to protect the Controlled Unclassified Information (CUI) that is handled by the DIB members. The new regulation will require a third-party assessment by accredited C3PAO. After 01 October 2025, all companies doing business with the DoD will be required to meet the new certification, or risk losing the DoD contract, if audited.