November 04, 2021

WASHINGTON – Today, global tech trade association ITI welcomed the Department of Defense’s release of a strategic direction for the Cybersecurity Maturity Model Certification (CMMC) program:

“We appreciate the effort by the U.S. Department of Defense to secure the industrial base and share its goal of prioritizing and improving organizational cybersecurity,” said Gordon Bitko, ITI Senior Vice President of Policy, Public Sector. “The strategic direction for the Cybersecurity Maturity Model Certification (CMMC) program released today is an important step and welcome approach to meeting that objective. In particular, we are pleased that the Department has heard and responded to feedback in key areas such as the importance of leveraging existing security programs and the CMMC’s requirements in order to strike the right balance of security and cost. Further, we welcome the reestablishment of public-private engagement through the rulemaking process and the Department's pledge to communicate feedback on these updates to program requirements. These improvements would be supported by additional clarity on reciprocity with existing security programs like FedRAMP to ensure compliance as well as guidance on how the Department intends to enforce a common security baseline across the Defense Industrial Base. Finally, given the broad public interest in the program, the Department should set realistic expectations for feedback processing timelines to avoid further delays. We look forward to reviewing the rule and working with the Department to advance this important effort.”

ITI submitted comments to last year’s interim final rule on the CMMC, and led a group of industry associations in a letter to U.S. Department of Defense Deputy Secretary Kathleen Hicks regarding the program.
