Researcher urges Pentagon to slow down on certification program, allow testing, cost assessments

A leading defense acquisition policy researcher at the Center for Strategic and International Studies is warning the Pentagon about moving too fast on its landmark cybersecurity certification program before testing its effectiveness on a handful of companies and fully assessing its costs, while cautioning that the program could solidify the current status quo of supply-chain weaknesses.

“DOD is right to prioritize industrial base cybersecurity, and it is possible that CMMC is a good solution,” writes CSIS' Morgan Dwyer in ...