Small businesses are lobbying Congress for a more lenient process to meet the Defense Department’s unified cybersecurity standard for contractors, called the Cybersecurity Maturity Model Certification (CMMC) program.

Jonathan Williams, a partner at the Washington, D.C.-based law firm PilieroMazza, told lawmakers much of small businesses concerns could be assuaged if DOD and prime contractors shoulder the burden.

The key to keeping costs and concern down is for DOD to stay true to its word and for most defense industry base companies to meet CMMC Level 1, Williams told lawmakers during a House Small Business Committee hearing on CMMC’s implementation on June 24.

“That’s not guaranteed but if we can keep as many small businesses as possible at Level 1 that will strike the right balance between ensuring that these small businesses have at least the basic cybersecurity protections in place but allow them to avoid . . . the significant additional cost when you go from a Level 1 to a Level 3,” Williams testified.

Excerpt taken from the article “Small Businesses Ask Congress to Focus CMMC on Primes and DOD” by Lauren Williams for Federal Computer Week. A recording of Jon’s testimony is available here.

If you have questions about implementing CMMC at your business or upcoming cybersecurity regulations that may impact your company, please contact Jon Williams or a member of PilieroMazza’s Cybersecurity & Data Privacy Team.