Susan Cassidy is quoted in Law360 regarding the DoD’s new cybersecurity program for defense contractors, which has been delayed by COVID-19. Ms. Cassidy says the picture of what the DOD expects from contractors could become clearer after the initial requests for information that include CMMC requirements go out in June, which could effectively serve as a "beta test," providing key data for further refinements. She adds, “There is always a benefit to beta testing. And I'm sure industry is not going to be shy about raising concerns or issues, with an eye towards making it a better process.”
According to Ms. Cassidy, “It is important for the DOD to ultimately get the program right, as other federal agencies are looking at CMMC as a potential model for their own cybersecurity programs.” She says, “If this works … if it's a decent process, it would be a better process than what we have now. When a client asks me what are the cybersecurity requirements if I want to become a government contractor, it's like, 'Which agency do you want to work with?'”