NDIA’s CMMC Comment Project


The Interim Rule that implemented the Cybersecurity Maturity Model Certification (CMMC) became effective Nov. 30, 2020. As part of the rule’s publication, there was a comment period to aid in creating the final rule. The government received 169 comments, including those from the National Defense Industrial Association (NDIA) and from the Council on Defense and Space Industry Associations (CODSIA), which NDIA signed. NDIA’s Cyber Legal Policy Committee and Strategy & Policy Team worked together to submit its official comment.

As part of a member-driven research project, a NDIA Junior Fellow examined 32 official submissions for common key issues. The study was limited to 32 comments because of time and resource constraints. These comments came from trade associations, corporations, and academic institutions.

There were 19 individual issues identified across the 32 comments. The most commonly cited were:

1) Defining Controlled Unclassified Information (included in 18 comments)

2) Using self-assessment scores in the source selection process (included in 18 comments)

3) Defining key terms (included in 16 comments)

Interestingly, of the 32 comments, NDIA’s official comment identified 16 of the 19 individual issues. The official comment with the second most identified issues had 13, with the average number of issues identified per official comment being 4.7.

Of the 32 comments, only those from NDIA and one other identified CMMC as a barrier to entry for new entrants, which includes small businesses.

[See the full analysis spreadsheet here]

NDIA’s Junior Fellows program is a year-round, part-time program for graduate students in public policy, international affairs, and law. This year, six Junior Fellows contributed to NDIA’s legislative and regulatory advocacy work. The Junior Fellows contributed to the annual Vital Signs series on the health and readiness of the defense industrial base. The Junior Fellows frequently write for National Defense Magazine and occasionally collaborate with members of the defense industrial base on articles for the magazine. Students from UC San Diego GPS, Johns Hopkins-SAIS, Southern University Law Center, George Mason’s Schar School of Policy and Government, and many others have participated in the program.

To learn more about the program or to apply, please visit: ndia.org/policy/jr-fellows.

Topics: Cybersecurity

Comments (0)

Retype the CAPTCHA code from the image
Change the CAPTCHA codeSpeak the CAPTCHA code
Please enter the text displayed in the image.