No Jacob, our criticisms revolve around the absurdity of SMB's being required to babysit the government's data. It's the governments data, they should pay to have it guarded, not the contractor using the data.
That's one way to characterize the relationship between data owners and data stewards. Regardless, the government "pays" for the protection of their data via allowable costs reflected in overhead cost pools just as they do with many other DFARS clause requirements. Perhaps you are making the point that the government should pay upfront rather than reimburse contractors. In that case, the 2020 DFARS rule is clear that there is no funding appropriation attached to the rule. Just as the question of paying for 800-171 is outside the scope of the CMMC rule, the question of how and why appropriations end up in the annual NDAA is also outside of the scope of what the 2020 interim rule can affect. As valid as your point is, the CMMC rule isn't the right place to file it.
I would like to contact this speaker. Does anyone have a good link to make connection. I am SB director within AF and would like to discuss
No Jacob, our criticisms revolve around the absurdity of SMB's being required to babysit the government's data. It's the governments data, they should pay to have it guarded, not the contractor using the data.
That's one way to characterize the relationship between data owners and data stewards. Regardless, the government "pays" for the protection of their data via allowable costs reflected in overhead cost pools just as they do with many other DFARS clause requirements. Perhaps you are making the point that the government should pay upfront rather than reimburse contractors. In that case, the 2020 DFARS rule is clear that there is no funding appropriation attached to the rule. Just as the question of paying for 800-171 is outside the scope of the CMMC rule, the question of how and why appropriations end up in the annual NDAA is also outside of the scope of what the 2020 interim rule can affect. As valid as your point is, the CMMC rule isn't the right place to file it.