Trade Groups Provide Recommendations for DoD CMMC Implementation

Jeff Brody

Six technology trade associations have asked the Department of Defense to consider their recommendations and respond to their queries with regard to the implementation of the Cybersecurity Maturity Model Certification program.

The trade groups presented their suggestions in a Thursday letter addressed to Ellen Lord, defense undersecretary for acquisition and sustainment and a 2020 Wash100 award winner, and Katie Arrington, chief information security officer and fellow Wash100 recipient.

The associations said they believe the establishment of a new third-party auditing process to advance enterprise-scale audits this year is “very ambitious” and that DoD should provide more clarity about the applicability and scope of the cyber framework if it intends to meet the timeline.

The Alliance for Digital Innovation, BSA: The Software Alliance, Cybersecurity Coalition, Information Technology Industry Council, Internet Association and the Computing Technology Industry Association urged the Pentagon to ensure that prime contractors, procurement officials and system integrators have enough knowledge of the certification requirements to “understand what needs to flow down to subcontractors, and at what specific CMMC level.”

The department should align CMMC with the Federal Risk and Authorization Management Program, Cloud Computing Security Requirements Guide and DFARS 252.204-7012. “Allowing for reciprocity with other cybersecurity requirements will reduce the cost and administrative burden of compliance and allow DoD to achieve its cybersecurity goals on a quicker timeline,” the groups wrote in the letter.

Other issues raised by the associations in the letter are consistency in procurement requirements, scope of coverage, certification in complex environments and clarification on how CMMC assessment priorities will be established.

You may also be interested in...

Naval Strike Missile

State Dept Clears $300M Sale of Raytheon Technologies-Made Naval Missiles to Romania

The State Department approved Romania's request to buy anti-ship missile systems manufactured by Raytheon Technologies (NYSE: RTX) through a potential $300M foreign military sale transaction with the U.S. government. The company's missiles and defense business would deliver two units of the Naval Strike Missile Coastal Defense System and complementary equipment to Romania's government under the potential deal, the Defense Security Cooperation Agency said Friday.

August Jackson Senior Director Deltek

ArchIntel’s AI in Competitive Intelligence Virtual Event to Discuss Maintaining Competitive Advantage

Artificial intelligence (AI), machine learning (ML) and big data have transformed how businesses conduct competitive intelligence (CI) and how our stakeholders use the developed analyses. Additionally, the federal government has integrated emerging technologies to remain competitive across the defense landscape. To register for ArchIntel’s AI in Competitive Intelligence Virtual Event, as well as view upcoming opportunities, visit ArchIntel’s Event Page.