Tech-industry groups raise CMMC concerns on FedRAMP reciprocity, vulnerability disclosures

Technology groups led by Information Technology Industry Council are urging the Defense Department to consider changes in the implementation of the Cybersecurity Maturity Model Certification program to help companies better understand the requirements and certification process.

“We are concerned that current plans for implementing CMMC lack sufficient clarity and predictability in key areas, and as a result may unnecessarily generate confusion, delay and associated costs. These challenges could lead to the [Defense Industrial Base] being even less secure, if left...