AIA sees potential expansion of CMMC program beyond DOD

摘要

The Aerospace Industries Association is advocating for the Defense Department's Cybersecurity Maturity Model Certification program to be used by civilian agencies, as part of an effort to address "ambiguity" over sensitive information held by contractors and create synergies. "By other federal agencies coming on board with CMMC, that will help settle the ambiguity that is currently out there ... the more synergy across the cybersecurity space for the government and industry the better," AIA's Jason Timm told Inside Cybersecurity. A major proposed rule to implement the CMMC program was published on Dec. 26. Timm noted that DOD can "lead the way forward" on cybersecurity, emphasizing that "the biggest issue is defense industrial base companies don't just work on contracts for the Defense Department, they also work for a lot of other federal agencies." Timm specifically referred to the Federal Aviation Administration, NASA and the Department of Homeland Security as examples. "Bringing other federal agencies together to coalesce around CMMC is a good thing," Timm said.