Industry Experts Cite Concerns Over Scope, Deadlines in NDAA Provisions

Gordon Bitko, senior vice president for policy and public sector at the IT Industry Council, said there's an “arbitrary rush” for agencies to meet the National Defense Authorization Act's deadlines, Federal News Network reported Monday.

The NDAA requires the Department of Defense to “develop a consistent, comprehensive framework” for improving the security of the defense industrial base by February. The Cybersecurity Maturity Model Certification effort, launched last year, must be presented to lawmakers by March 11.

According to Bitko, DoD might “create a duplicative infrastructure” if it doesn’t address issues such as CMMC’s scope, its applicability to the supply chain and the feasibility of conducting certifications for thousands of vendors every three to five years.

In addition the CMMC, the NDAA also requires the Pentagon to pilot two to five projects involving “alpha contracting teams” for complex acquisitions.

Matthew Cornelius, executive director of the Alliance for Digital Innovation, said the effort will bring out the best in industry, academic and government entities if done correctly.

“These initiatives should be broadly scoped so as to allow true collaboration and technical expertise to influence better buying decisions and not bias outcomes towards a single, established entity,” he noted.

You may also be interested in...

Supply Chain Mgmt

DLA, GSA Officials Talk Supply Chain Mgmt Priorities

The Defense Logistics Agency (DLA) has employed additive manufacturing and other techniques in its supply chain operations to support missions including the delivery of 10,000 face shields to health workers in New York City. Sly Ahn noted that the agency also used a “reverse logistics approach” to its missions beyond COVID-19 response.