For defense contractors, cybersecurity professionals, and government suppliers — this New to The Street interview features David Jemmett, CEO of CISO Global, explaining the rapid rollout of the Cybersecurity Maturity Model Certification (CMMC) and what it means for companies doing business with the U.S. Department of Defense.
CMMC replaces years of informal self-attestation with mandatory third-party audits, requiring organizations to prove compliance with 110 cybersecurity controls in order to protect federal and controlled unclassified information. An estimated 220,000–300,000 companies across the defense supply chain are affected.
CISO Global is now one of just over 100 certified C3PAOs authorized to conduct official CMMC assessments. With roots in government cybersecurity work dating back to 2014 and FedRAMP-certified compliance software, the company is positioned to help organizations navigate one of the most significant cybersecurity shifts in federal contracting history.
With the first phase of enforcement already underway, Jemmett warns that delaying preparation will only increase costs and risk — and could jeopardize access to future DoD contracts.