in Cybersecurity, News

Carahsoft’s Alex Whitworth Discusses How AI, GRC Platforms Will Shape CMMC Implementation

Alex Whitworth/carahsoft.com
Alex Whitworth, sales director at Carahsoft. Whitworth wrote about CMMC's evolution in a recent article
Alex Whitworth Sales Director Carahsoft

The implementation of the Department of Defense’s Cybersecurity Maturity Model Certification marks a national shift from policy compliance to operational defense, according to Alex Whitworth, director of sales at Carahsoft Technology.

In a recent blog post, Whitworth discussed the evolution of CMMC and examined how artificial intelligence and governance, risk and compliance, or GRC, platforms can support organizations preparing for upcoming federal cybersecurity requirements.

Carahsoft's Alex Whitworth Discusses How AI, GRC Platforms Will Shape CMMC Implementation - top government contractors - best government contracting event

Learn more about how to secure government data amid threats from global adversaries and near-peer nations at the Potomac Officers Club’s 2026 Cyber Summit, scheduled for May 21, 2026. The GovCon conference will bring together noteworthy cyber officials from across the public and private sectors to discuss cyber threats to American systems. Register today

How Is CMMC Evolving Beyond Compliance?

Whitworth explained that the United States is now looking at information security as foundational to national defense, with the defense industrial base, or DIB, serving as the “digital frontline of national security.”

What Roles Do AI, GRC Play in Cybersecurity Readiness?

AI is transforming CMMC by acting as a force multiplier across the DIB, with industry players employing AI tools to summarize documents, draft policies and detect anomalies. Whitworth highlighted the potential of large language models to streamline the creation of compliance documentation and synthesize complex data to prove security readiness.

However, he emphasized the importance of human oversight in responsible AI use. Whitworth noted that at the CS5 CMMC Global Conference 2025, industry leaders shared that humans are necessary to ensure that AI-generated content is aligned with requirements. He added that “automation without governance creates new vulnerabilities.”

GRC platforms could also enhance CMMC compliance by establishing detailed audit trails, automating version control and connecting internal policies to verified evidence, Whitworth added.

By embedding GRC frameworks into day-to-day operations, contractors can more easily demonstrate continuous compliance and long-term readiness for CMMC assessments.

ExecutiveBiz Logo

Sign Up Now! ExecutiveBiz provides you with Daily Updates and News Briefings about Cybersecurity

mm

Written by Elodie Collins

Charles Onstott/CALIBRE
CALIBRE CTO Charles Onstott. An offering from CALIBRE and RegScale has been deemed "Awardable" on P1SM.
CALIBRE-RegScale Offering Deemed ‘Awardable’ on DOD Marketplace
Photo / lockheedmartin.com
HIMARS. Lockheed Martin has delivered its 750th HIMARS.
Lockheed Martin Delivers 750th HIMARS Launcher