Inside Cybersecurity, December 4, 2020

By Sara Friedman

Industry groups across a wide range of sectors are asking the Defense Department to provide more details on how its new cyber certification program will impact government contractors.

Depending on the type of product or service, DoD vendors may already be subject to assessment, certification, or direction under a number of existing initiatives across DOD and the Federal Government,” BSA | The Software Alliance wrote to the Pentagon, referring to the General Service Administration’s FedRAMP program, DoD’s Cloud Computing Security Requirements Guide (SRG) and audits from the Defense Contract Management Agency.

“Moreover, many vendors may obtain certifications against internationally recognized standards that attest to security controls covered by the CMMC,” BSA said. “It is unclear how CMMC certification, above and beyond these existing obligations, would improve the Department’s confidence in the security practices of such vendors.”

Read More >>

Original Posting: https://insidecybersecurity.com/daily-news/industry-groups-weigh-cmmc-costs-guidelines-assessment-pentagon-interim-rule-takes-effect