The Information Technology Industry Council (ITI) has submitted new recommendations to the U.S. Department of Defense (DoD) concerning its Cybersecurity Maturity Model Certification (CMMC) program. This marks a continuation of ITI's ongoing involvement with the DoD's efforts to enhance cybersecurity measures within the defense sector.

ITI's submission outlines seven areas for improvement aimed at fortifying the proposed rules by the Department. These recommendations are designed to ensure that the CMMC program effectively safeguards national security while supporting a secure and resilient defense industrial base.

"We're pleased that DoD continues to listen to the industry’s implementation concerns," said Leopold Wildenauer, ITI Senior Manager of Public Sector Policy. He further emphasized the importance of DoD's partnership with the Defense Industrial Base over recent years in advancing and strengthening the program within DoD contracts. "We encourage the Department to continue this path by addressing remaining concerns with the incident reporting requirements harmonization and the enforcement of waivers."

In addition, ITI advocates for aligning CMMC requirements with existing regulations and calls for clearer procedural guidelines on how these requirements should be passed down to subcontractors.

The full comments from ITI can be accessed through their official channels, along with previous feedback provided to help improve cybersecurity baseline requirements for the defense industrial base.