Abstract: The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) published the Cybersecurity Maturity Model Certification (CMMC) framework in January 2020. The CMMC is a major effort intended to strengthen the ability of Defense Industrial Base (DIB) members to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). In this article, we briefly recount the history of unclassified information handling in the U.S. Federal Government that led to the current situation and explain why the CMMC was created, what it is, and what it entails. Through a series of interviews with a convenience sample of current large and small DIB members, we explore some of the perceptions, perceived challenges, and expected impacts of the CMMC on the DIB. We also consider the chances that the CMMC will accomplish its intended goals and describe a planned future larger study of the CMMC effort and its effects on the DIB.
Download this article: JISAR - V15 N2 Page 17.pdf
Recommended Citation: Strohmier, H., Stoker, G., Vanajakumari, M., Clark, U., Cummings, J., Modaresnezhad, M., (2022). Cybersecurity Maturity Model Certification Initial Impact on the Defense Industrial Base. Journal of Information Systems Applied Research15(2) pp 17-29. http://JISAR.org/2022-2/ ISSN : 1946 - 1836. A preliminary version appears in The Proceedings of CONISAR 2021