Trade Groups Provide Recommendations for DoD CMMC Implementation

Jeff Brody

Six technology trade associations have asked the Department of Defense to consider their recommendations and respond to their queries with regard to the implementation of the Cybersecurity Maturity Model Certification program.

The trade groups presented their suggestions in a Thursday letter addressed to Ellen Lord, defense undersecretary for acquisition and sustainment and a 2020 Wash100 award winner, and Katie Arrington, chief information security officer and fellow Wash100 recipient.

The associations said they believe the establishment of a new third-party auditing process to advance enterprise-scale audits this year is “very ambitious” and that DoD should provide more clarity about the applicability and scope of the cyber framework if it intends to meet the timeline.

The Alliance for Digital Innovation, BSA: The Software Alliance, Cybersecurity Coalition, Information Technology Industry Council, Internet Association and the Computing Technology Industry Association urged the Pentagon to ensure that prime contractors, procurement officials and system integrators have enough knowledge of the certification requirements to “understand what needs to flow down to subcontractors, and at what specific CMMC level.”

The department should align CMMC with the Federal Risk and Authorization Management Program, Cloud Computing Security Requirements Guide and DFARS 252.204-7012. “Allowing for reciprocity with other cybersecurity requirements will reduce the cost and administrative burden of compliance and allow DoD to achieve its cybersecurity goals on a quicker timeline,” the groups wrote in the letter.

Other issues raised by the associations in the letter are consistency in procurement requirements, scope of coverage, certification in complex environments and clarification on how CMMC assessment priorities will be established.

Check Also

GRAM

Army Taps Grand River Aseptic Manufacturing for $160M COVID-19 Vaccine Production Support Contract

The U.S. Army has awarded Grand River Aseptic Manufacturing a one-year, $160M contract to provide fill and finish services for vaccines and other critical treatments that have been developed in response to the coronavirus pandemic.

Pentagon

Washington Headquarters Services Issues RFP for Acquisition Directorate Support Recompete

The Washington Headquarters Services has kicked off solicitations for the recompete of a multiple-award, indefinite-delivery/indefinite-quantity contract for analytic and technical support services to the WHS' acquisition directorate.