Industry Experts Cite Concerns Over Scope, Deadlines in NDAA Provisions


Gordon Bitko, senior vice president for policy and public sector at the IT Industry Council, said there's an “arbitrary rush” for agencies to meet the National Defense Authorization Act's deadlines, Federal News Network reported Monday.

The NDAA requires the Department of Defense to “develop a consistent, comprehensive framework” for improving the security of the defense industrial base by February. The Cybersecurity Maturity Model Certification effort, launched last year, must be presented to lawmakers by March 11.

According to Bitko, DoD might “create a duplicative infrastructure” if it doesn’t address issues such as CMMC’s scope, its applicability to the supply chain and the feasibility of conducting certifications for thousands of vendors every three to five years.

In addition the CMMC, the NDAA also requires the Pentagon to pilot two to five projects involving “alpha contracting teams” for complex acquisitions.

Matthew Cornelius, executive director of the Alliance for Digital Innovation, said the effort will bring out the best in industry, academic and government entities if done correctly.

“These initiatives should be broadly scoped so as to allow true collaboration and technical expertise to influence better buying decisions and not bias outcomes towards a single, established entity,” he noted.

You may also be interested in...

Angie Lewis

Angie Lewis to Lead Naval Tech Development as NSWC Crane’s Technical Director

Angie Lewis, formerly business director and corporate operations department manager at Naval Surface Warfare Center's (NSWC) Crane Division, has been appointed to serve as the division's technical director. Lewis brings over three decades of experience to the role, with a record of supporting corporate, resource planning, customer outreach and programmatic efforts at NSWC Crane.