Industry experts continue to raise serious concerns about the way forward for the Defense Department’s cybersecurity maturity model certification (CMMC) program.
A technology industry representative told reporters on Oct. 20th that the interim rule DoD published in September didn’t offer enough clarity about the certification process, the costs to become certified and whether there will be reciprocity with other cyber standards. Comments on the interim rule are due Nov. 30 and so far more than two dozen people or organizations have submitted analysis.
The official said they are raising these concerns now because DoD is acting with some urgency to get the program rolled out with the release of the interim rule despite repeated attempts by industry and others to raise these problems.
“The interim rule in September addresses some of these concerns and it adds additional information around the requirements around National Institute of Standards and Technology Special publication 800-171, but it doesn’t really address all of them,” said the technology industry representative, who requested anonymity in order to talk candidly about the CMMC program so as not to hurt their relationship with DoD, during the conference call.
Keep reading this article at: https://federalnewsnetwork.com/defense-industry/2020/10/dods-cmmc-remains-stuck-in-drama-confusion-and-concern/