The United States DoD (Department of Defense) is one of the largest employers in the world, with about 2.87 million employees. It spends more than a year among more than 350,000 contractors and subcontractors throughout its supply chain.
Information in the DoD network is shared digitally across the contractor and subcontractor supply chain, offering an irresistible target for nation-states and cyber criminals.
Protecting the DoD supply chain
The CMMC was developed to step up measures for protecting the DoD supply chain. Its objectives are to standardize cybersecurity controls and ensure that effective measures are in place to protect CUI (Controlled Unclassified Information) on contractor systems and networks.
All companies doing business with the DoD, including subcontractors, must become certified by an independent third-party commercial certification organization.
Your essential guide to understanding the CMMC
To help you get to grips with the CMMC, this essential pocket guide covers:
- What the CMMC is and why it has been introduced
- Who needs to comply with the CMMC
- The implementation process
- The road to certification
- CMMC implications for firms doing business with the US governmentSuitable for senior management and the C-suite, general or legal counsel, IT executives, IT organizations, and IT and security students, this pocket guide will give you a solid introduction to the CMMC and its requirements.
About the author
William Gamble is an international cybersecurity and privacy compliance expert. He is one of the few lawyers to hold advanced cybersecurity professional qualifications, and has an in-depth understanding of the design, management, and deployment of technology within the ISO 27001 framework.
With more than 30 years' experience of international regulatory practice in the U.S., EU, China, and other countries, William has had hundreds of articles published globally, written three books, and appeared on numerous radio and television programs around the world.
William is a member of the Florida Bar and several federal courts. His qualifications include Juris Doctor (JD), Master of Laws (LLM), CompTIA® A+, Network+, Security+, CASP (Advanced Security Practitioner), ISO 27001 Lead Auditor and Lead Implementer, and GDPR Practitioner (GDPR P).
