Aerospace Industries Association (AIA) President and CEO Eric Fanning has shared his views on the newly announced Cybersecurity Maturity Model Certification (CMMC) rule. This rule, unveiled by the Department of Defense (DOD), marks a significant step in cybersecurity compliance for defense contractors.

"The Aerospace Industries Association thanks the Department of Defense for their coordination as they finalized this rule, bringing the Cybersecurity Maturity Model Certification from concept to reality. We are reviewing the final rule closely now to understand how our feedback was incorporated," Fanning stated.

Fanning emphasized the importance of balancing security needs with minimizing barriers for industry compliance. He noted that AIA is eager to engage in discussions with DOD to refine the identification and definition of controlled unclassified information (CUI), which is crucial for implementing CMMC within DOD contracts.

"Several more steps must be taken before CMMC is a seamless part of DOD contracting. The first step for defense industrial base companies will be scheduling their assessments and obtaining their certifications," Fanning continued. He highlighted that a phased approach is necessary due to limited assessors available to meet expected demand, particularly within the supply chain.

AIA has been proactive in advocating for consideration of supply chain businesses most affected by this new rule.