The Professional Services Council has responded to a Department of Defense request for comments regarding a proposed Cybersecurity Maturity Model Certification program rule.
The proposed rule, titled “Assessing Contractor Implementation of Cybersecurity Requirements,” establishes standards for CMMC 2.0, whose final rule has been published, and aims to incorporate new cybersecurity requirements into DOD contracts beginning in 2025, PSC said Thursday.
Table of Contents
Improving CMMC Implementation
In the response, PSC called for the proposed rule to clarify guidelines on how CMMC requirements for DOD contracts will be decided by contracting officers and widen CMMC’s focus to secure operational and technical data. The association also questioned whether enough contractors can be certified using existing structures to stay within the three-year implementation schedule of the DOD.
PSC additionally asked how Level 3 certification requirements will be limited to the contracts that really need them.
Working With DOD
David Berteau, president and CEO of the PSC, said improving cybersecurity practices amid increasingly sophisticated threats is necessary, but challenges to the implementation of CMMC persist.
“[We] welcome the opportunity to collaborate further with the department, both within and outside of the rulemaking process … PSC looks forward to working with DOD and the administration on addressing these and other pressing cyber issues,” Berteau added.