The Pentagon plans to publish the final version of the Cybersecurity Maturity Model Certification (CMMC) soon after the start of the calendar year. The CMMC will rank contractor cyber practices on a scale of 1-5. Officials at the Defense Information Systems Agency (DISA) have started to speculate that the new cyber requirements could significantly thin the ranks of companies eligible for critical technical projects. Small businesses and those that primarily work in the commercial sector could be the most greatly affected. “A very small number” of defense industrial base companies have state-of-the-art cybersecurity solutions, according to Maj. Gen. Garrett Yee, assistant to the director of DISA. Yee went on to say that he believes that most of those systems are at the lower end of the 1-5 scale. When asked later about how the new requirements would impact the pool of tech providers Yee stated, “No one knows the answer to that.” Still, small businesses have traditionally made up a significant part of the DOD’s tech contractor base. Additionally, the agency has been reaching out to non-traditional contractors to obtain cutting edge solutions. Many of these companies either have not or cannot make the types of investments necessary to create the type of security necessary to obtain an advanced CMMC certification. DOD leaders must balance the need for security and small business participation – both hot button political issues – as they move forward. See the article here for more.