The Defense Department’s Cybersecurity Maturity Model Certification initiative could have the opposite of its desired effect and create security risks, major companies said in a letter to top Pentagon officials Friday seeking clarification on a number of issues.
“We are concerned that current plans for implementing CMMC lack sufficient clarity and predictability in key areas, and as a result may unnecessarily generate confusion, delay and associated costs,” reads the letter to Ellen Lord, under secretary of Defense for acquisition and sustainment, and Katie Arrington, the chief information security officer for the acquisitions office. “These challenges could lead to the DIB being even less secure, if left unaddressed.”
More than 100 companies are represented in the letter.
