The Department of Defense expects contractors to have Cybersecurity Maturity Model Certification (CMMC) in place for procurements that will happen in 2020.  The standards on how to asses a company’s status are just being rolled out now, though, and no company has yet gone through the actual process.  More than one observer has said “what’s the rush?”.  Indeed, while the idea behind CMMC, to ensure the cybersecurity of DOD contractors, is a good one, the short time frame between when assessments can actually take place and procurements requiring certification role out almost guarantees that there will be problems and logjams.  “It’s not clear there will be time to iron out the wrinkles,” said Bill Solms, the general manager and president for government solutions at QOMPLX in a recent Federal News Network article.  While DOD officials have said there will be “pathfinders” to test the new assessment protocols, guidance from the agency on how many companies will qualify has been uneven.  DOD is also intentionally limiting the number of assessment organizations until they get a better handle on how the accreditation process actually functions.  All of this can leave contractors caught between a compliance rock and a hard place.  While not all DOD procurements will contain CMMC requirements right off the bat, several larger projects will.  If FedRAMP cloud accreditation experience is any guide, what projects are covered and the security level needed to compete will be at least somewhat subjective. DOD promises that the situation will become clearer once accreditation standards are announced.  That still does not ensure that accreditation of individual companies will take place in a timely manner, especially in time to ensure competition on important acquisitions.  DOD officials should consider postponing the implementation of CMMC to avoid a mess that may make navigating the Capital Beltway look as easy as one of John Denver’s country roads.  See the article here for more:  https://federalnewsnetwork.com/reporters-notebook-jason-miller/2020/05/cmmc-accreditation-body-close-to-releasing-assessor-training-requirements/