JAN 04, 2021 | US
CMMC: The Dramatic Year of the Pentagon’s Contractor Cybersecurity Program
Nextgov, January 4, 2021
By Mariam Baksh
Private-sector entities don’t usually cry out for the government to be more involved in monitoring their business practices, but 2020 has been anything but typical, and when it comes to the CMMC, that’s exactly what some of the largest tech companies are doing.
“While BSA understands that the Department of Defense seeks to create private sector-based certification infrastructure in order to enable it to meet the requirement for certifications across such a large group of vendors, the current approach creates a number of challenges undermining the integrity of the process, including potential for conflicts of interest, profiteering, and outsourcing of an inherently governmental function,” BSA | The Software Alliance wrote in response to the interim rule.
“The establishment of an independent Accreditation Board composed of representatives from the Defense Industrial Base holds the potential to put industry representatives in a position to oversee the evaluation of their competitors, a troubling potential conflict,” read the comments from BSA, which has a number of members in common with ITI. “One approach would be for the Department to re-establish the Accreditation Board as a government body, and to put in place guide rails to prevent excessive certification pricing or other abuses. In any event, the current approach must be revisited.”
BSA | The Software Alliance (www.bsa.org) is the leading advocate for the global software industry before governments and in the international marketplace. Its members are among the world’s most innovative companies, creating software solutions that spark the economy and improve modern life.
With headquarters in Washington, DC, and operations in more than 30 countries, BSA pioneers compliance programs that promote legal software use and advocates for public policies that foster technology innovation and drive growth in the digital economy.