WASHINGTON – Today, global tech trade association ITI issued the following statement following the publication of the interim final rule to implement the Cybersecurity Maturity Model Certification (CMMC) by the U.S. Department of Defense:
“Ongoing threats of cyber-attacks and IP theft pose great risk to the U.S. Department of Defense and its industrial base, and ITI strongly supports efforts to combat these risks. Though we are disappointed that DOD did not seek public comments before releasing the new CMMC requirements for contractors, we look forward to providing input at this stage in the process. To maximize the CMMC’s effectiveness while reducing cost and burden to the industrial base, we recommend that DOD provide a standardized approach to determining appropriate levels for each procurement, allow for reciprocity with other federal cybersecurity standards, and take action to protect assessment results,” said ITI Senior Vice President of Policy and Public Sector Lead Gordon Bitko.
Earlier this year, ITI led a multi-association letter sent to leaders at the U.S. Department of Defense outlining recommendations for improving the implementation, administration, and enforcement of the Cybersecurity Maturity Model Certification (CMMC).