The programme will ultimately create the standard for cyber security compliance against NIST across the DIB. Whilst CMMC defines the references for good cyber security controls the challenge for companies big and small will be how to comply and maintain compliance. And challenge for those delivering oversight will be how to assess and accredit those companies.
Article from : Security Boulevard 05.2020