CompTIA Newsroom

 

CompTIA Press Releases

CompTIA Joins Coalition of Tech Associations Encouraging Ongoing Partnership with DoD on CMMC

Mar 27, 2020

Washington, DC – Today, CompTIA joined a coalition of technology trade associations encouraging the Department of Defense (DoD) to continue its partnership with industry in its implementation of Cybersecurity Maturity Model Certification (CMMC). In a letter to Under Secretary of Defense for Acquisition and Sustainment Ellen Lord and Chief Information Security Officer Katie Arrington, the groups reiterated the importance of the CMMC’s objectives and offer recommendations for improving its implementation, administration and enforcement.

As the producers and operators of some of the most sophisticated and widely used information technologies, the associations – Information Technology Industry Council (ITI), Alliance for Digital Innovation, BSA: The Software Alliance, Cybersecurity Coalition, Internet Association, and The Computing Technology Industry Association (CompTIA) – have considerable first-hand knowledge of the challenging and evolving nature of the most persistent cyber threats. To that end, their recommendations aim to ensure the federal government’s front-line cyber defenses stay current and are equipped with the tools and techniques to protect sensitive systems and information of the government and industrial partners and offer clarity and predictability in key areas to avoid confusion, delay and associated costs for industry.

“We strongly support efforts to improve defense industrial base (DIB) cybersecurity and appreciate the Department’s openness in meeting with and accepting input from industry about the CMMC,” the associations wrote. “We stand ready to assist DoD in optimizing the CMMC’s effectiveness. Considering and incorporating IT industry feedback will help ensure that DoD implements a structurally sound and holistic initiative from the beginning. Doing so will also help to meet our shared goal of improving DIB cybersecurity in a manner that is aligned with other federal government initiatives and requirements to address supply chain security.”

In their letter, the associations identified several challenges in the current CMMC that could lead to the DIB being even less secure, if left unaddressed. To that end, they encouraged DoD to thoroughly consider the following suggestions and questions as the CMMC evolves during its implementation:

  • Enhance clarity about CMMC’s scope, applicability, and implementation timeline.
  • Certification and recertification, specifically how to manage certifications for a complex and multinational entity, and how companies that are not currently part of the DIB will be prioritized for certification.
  • Streamlining federal cybersecurity requirements to align and promote reciprocity between the DoD Cloud Computing Security Requirements Guide (SRG), DFARS 252.204-7012 and FedRAMP.
  • Ensure no new risks are created by providing additional clarity on how CMMC assessment results, which will contain very sensitive information, will be handled and stored, and by considering the security control requirements of high security and high availability systems.

Read the letter here.

About CompTIA

The Computing Technology Industry Association (CompTIA) is a leading voice and advocate for the $5 trillion global information technology ecosystem; and the more than 50 million industry and tech professionals who design, implement, manage, and safeguard the technology that powers the world’s economy. Through education, training, certifications, advocacy, philanthropy, and market research, CompTIA is the hub for advancing the tech industry and its workforce. Visit www.comptia.org to learn more.

About CompTIA Public Sector & Advocacy

CompTIA supports policies that positively impact the ability of the IT industry to develop, manufacture, and sell solutions in the global marketplace. We work to promote investment and innovation, market access, effective cybersecurity, consistent privacy regulation, streamlined procurement, and research and development. As the leading provider of vendor-neutral IT certifications, we also support efforts to promote a well-trained technical workforce. Visit www.comptia.org to learn more.

View all Press Releases

Media Resource Center

Media Contact

Steve Ostrowski

Senior Director, Corporate Communications
(630) 678 - 8468
[email protected]

Public Sector Media Contact

Roger Hughlett

Director, Corporate Communications
(202) 503 - 3644
[email protected]


Follow Us

Follow us on social media to keep up to date on CompTIA.


Media Library

Download CompTIA logos and assets from our press releases to use in your article or write-up.

Access Now
Media Resources
Press Releases
Subscribe to CompTIA News
CompTIA in the news
Media Library

CompTIA Meetings & Events

CompTIA’s Live Office Hours - January

Online
Jan 7th and 21st 9am/4:30pm Cohort Class Setup | Jan 14th and 28th 9am/4:30pm Dive in Data

CompTIA’s Live Office Hours - February

Online
Feb 4th & 18th at 9am/4:30pm Cohort Class Setup | Feb 11th & 25th at 9am/4:30pm Dive in Data

CompTIA Community Meeting in Mechelen

Mechelen
Thursday 6 February, 2025 at 9:30am

View all CompTIA Meetings & Events

Fast Facts

  • $2 trillion – Estimated direct economic impact of the U.S. tech industry, representing 8.8% of the national economy.

  • 582,000 – Number of tech business establishments in the U.S.

  • 9.1 million – U.S. net tech employment at the end of 2022.

  • 286,400 – Estimated number of new technology jobs added in the U.S. in 2022.

  • 4.1 million – Number of postings by U.S. employers for tech job openings during 2022.