In September 2019, the Department of Defense released its new cybersecurity maturity certification model to bring its entire industrial base up-to-date with the latest cybersecurity protections. On September 25, 2019, the Office of Advocacy provided several comments to DOD on this draft model.
Advocacy is concerned that the model lacks clarity as to how small businesses and subcontractors will be reimbursed or compensated for enhancing their cyber systems to comply with this model. Additionally, there is concern that lower levels of certification are insufficient for small businesses to maintain economic viability. Lastly, the model may have a tremendous negative impact on DOD’s small business statutory annual goal requirements.
Due to the extensive cost compliance and the impact of this model on small businesses, Advocacy recommends that it should be subjected to the notice and comment rulemaking process.
Comments are closed.