In Calvinball, the rules were always changing. When it comes to the DoD’s Cybersecurity Maturity Model Certification, it seems to look increasingly like Bill Watterson’s masterpiece, Calvin and Hobbs.

Today’s interview is with Dr. Amy Williams from Coalfired Federal. She has years of experience in the nuances of CMMC and has a strong academic background to be able to understand complex topics and present them in an understandable manner.

Amy begins the interview with the range of activities that companies have regarding CMMC compliance. Some companies have invested thousands of hours in preparing for this rigorous compliance;. On the other hand,  some organizations do not realize it could be a twenty-four-month process and if they delay starting, they could compromise future business.

One of the main takeaways from the interview is the timeline on CMMC that Coalfire Federal provides. It has been a circuitous route where the DoD was vociferous about the program and then had a mysterious quiet period. Then, like Venus sprouting from Zeus’s brow, the DoD releases more details on CMMC.

Dr. Amy Williams observes that companies should know what is essential and what is superfluous at the varying levels of CMMC. Many defense contractors are already working 10-hour days without the burden of CMMC compliance. In order not to waste time, a framework is given as to when a company should consider using a consultant and when to bring the compliance work in-house.

The episode ends on an optimistic note – it was observed that the baseline of compliance, a mere seventeen controls, is basic cybersecurity for any modern company. These include basics like multifactor authentication and understanding where important documents are located on your network.

Follow John Gilroy on Twitter @RayGilray

Follow John Gilroy on LinkedIn  https://www.linkedin.com/in/john-gilroy/

Listen to past episodes of Federal Tech Podcast  www.federaltechpodcast.com