CMMC and the Three “Cs”: Cost, Conflicts and Competition

A. Introduction and Key Take-Aways -

The Department of Defense’s (DOD) Cybersecurity Maturity Model Certification (CMMC) program provides a metric for independent third parties to use in assessing and certifying the progress of the approximately 300,000-350,000 contractors and subcontractors in DOD’s supply chain towards adequate cyber safeguarding of confidential information, including controlled unclassified information (CUI), located on their information systems. The CMMC program is intended to supplement, and not supersede, the existing cybersecurity requirements of the Federal Acquisition Regulation (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS), including DFARS clause 252.204-7012, which incorporates the information security standards and controls of NIST SP 800-171. Implementation of CMMC will affect DOD contractors and subcontractors in many ways, but its greatest impacts will be on cost, conflicts and competition. This article examines the impact that CMMC will have on each of these areas. In particular:

- Cost. DOD officials have stated publicly that CMMC costs are allowable, but that statement is too broad for contractors to rely on. To begin with, there is a wide range of costs that could be considered “CMMC costs,” from the fees the contractor pays a third party to assess the maturity level of its information systems to the labor, software, professional and IT investment costs necessary to raise the maturity level of those systems to the desired CMMC level. The allowability of these costs depends on a number of factors, including the nature and amount of the costs, the manner in which the contractor has accounted for them and similar costs in the past, and the method for allocating such costs to government contracts. Furthermore, even if a particular contractor’s CMMC costs are deemed allowable, the contractor may not be able fully to recover those costs due to competitive pressures and other factors.

Please see full Alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Akin Gump Strauss Hauer & Feld LLP | Attorney Advertising

Written by:

Akin Gump Strauss Hauer & Feld LLP

Akin Gump Strauss Hauer & Feld LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.