The Cybersecurity Maturity Model Certification regulation may not be final for at least another year, but the Defense Department has been running a voluntary program for companies to go through a third-party assessment.

That test looks at how compliant companies are with the standards at the heart of CMMC, which will formalize how contractors should protect controlled unclassified information in their systems.

This episode features Editor Nick Wakeman's conversation with Derek Kernus, director of cybersecurity operations at professional services firm DTS, who explains how his company became compliant with the National Institute of Standards and Technology's 800-171 standard that is the basis for CMMC.

Kernus led DTS and one of its clients, IVA’AL, through DOD’s Joint Surveillance Voluntary Assessment program that measures their processes against the NIST standard.

DTS and IVA'AL got perfect scores and that will get them an automatic CMMC Level 2 certification when the rule goes into effect, probably in early 2025.

Kernus shares what they went through, what they learned and what comes next.