Arlington, Va. – Aerospace Industries Association (AIA) President and CEO Eric Fanning today commented on the newly released Cybersecurity Maturation Model Certification (CMMC) rule, announced by the Department of Defense (DOD) today.
“The Aerospace Industries Association thanks the Department of Defense for their coordination as they finalized this rule, bringing the Cybersecurity Maturity Model Certification from concept to reality. We are reviewing the final rule closely now to understand how our feedback was incorporated,” Fanning said. “As with the review of any cybersecurity rule, we are keeping in mind the balance between the need for security and minimizing barriers for industry to meet customer needs. Additionally, AIA looks forward to discussions with the Department of Defense to improve the identification and definition of controlled unclassified information (CUI), the catalyst for implementing CMMC within DOD contracts.
“Several more steps must be taken before CMMC is a seamless part of DOD contracting. The first step for defense industrial base companies will be scheduling their assessments and obtaining their certifications,” Fanning continued. “This phased approach is absolutely necessary due to the limited number of assessors to meet what we expect will be significant demand, especially among the supply chain. We are also paying close attention to and providing feedback on the upcoming rule that will establish requirements for CMMC, allowing CMMC to be fully incorporated into DOD contracts.”
AIA has been a leading voice, advocating for the DOD to consider the supply chain businesses that will be most impacted by the rule.
###
