The Defense Department details costs to "small entities" and the broader CMMC ecosystem as part of an analysis published with a final rule to implement acquisition requirements for the Pentagon's upcoming Cybersecurity Maturity Model Certification program. “Given the enterprise-wide implementation of CMMC, DOD developed a three-year phased rollout strategy. The rollout is intended to minimize both the financial impacts to the industrial base, especially small entities, and disruption to the existing DOD supply chain,” DOD says in the final regulatory...
