DEC 04, 2020 | US
Industry Groups Weigh In on CMMC Costs, Guidelines for Assessment As Pentagon Interim Rule Takes Effect
Inside Cybersecurity, December 4, 2020
By Sara Friedman
Industry groups across a wide range of sectors are asking the Defense Department to provide more details on how its new cyber certification program will impact government contractors.
Depending on the type of product or service, DoD vendors may already be subject to assessment, certification, or direction under a number of existing initiatives across DOD and the Federal Government,” BSA | The Software Alliance wrote to the Pentagon, referring to the General Service Administration’s FedRAMP program, DoD’s Cloud Computing Security Requirements Guide (SRG) and audits from the Defense Contract Management Agency.
“Moreover, many vendors may obtain certifications against internationally recognized standards that attest to security controls covered by the CMMC,” BSA said. “It is unclear how CMMC certification, above and beyond these existing obligations, would improve the Department’s confidence in the security practices of such vendors.”
BSA | The Software Alliance (www.bsa.org) is the leading advocate for the global software industry before governments and in the international marketplace. Its members are among the world’s most innovative companies, creating software solutions that help businesses of all sizes in every part of the economy to modernize and grow.
With headquarters in Washington, DC, and operations in more than 30 countries, BSA pioneers compliance programs that promote legal software use and advocates for public policies that foster technology innovation and drive growth in the digital economy.