The Defense Department faces a calculated risk in terms of starting up third-party assessments under the Cybersecurity Maturity Model Certification program for early adopters, according to contracting attorney Robert Metzger, who sees ongoing work to finalize changes to the Pentagon's acquisition rules as one barrier for the delayed interim launch. Since CMMC 2.0 was announced in November, CMMC Accreditation Body CEO Matthew Travis has been vocal about starting the early adoption program where companies will be able to get a...