Department of Defense Subcontractors: Cybersecurity Compliance is Top Priority

Robinson+Cole Data Privacy + Security Insider

The Office of the Under Secretary of Defense for Acquisition and Sustainment has been on a fast-track mission to shore up the cybersecurity measures of defense contractors and the supply chain to the Department of Defense (DOD). It is in the process of developing a Cybersecurity Maturity Model Certification (CMMC) requirement for those vendors.

Many DOD vendors and subcontractors are small businesses and could be left behind if they don’t focus on and invest in cybersecurity readiness.

It is the goal of the DOD to release CMMC Rev 1.0 in January 2020, and there have been public announcements that the DOD will be auditing existing contractors immediately to determine compliance with the requirements.

For those looking to get into the defense contractor industry, and who don’t already have a contract, it is anticipated that CMMC will be included in all Requests for Information starting in June of 2020, and in all Requests for Proposals in the fall of 2020.

In order to be certified, a company has to be accredited by a third-party company; no self-certification will be permitted. The CMMC model has 18 domains, and certification will be provided based upon the level requested, which is dependent on the work being performed for the DOD. The levels start with basic cyber hygiene and get more sophisticated from there. Certification of contractors will be dependent on the risk posed by the work being performed and the sensitivity of data shared and disclosed.

January is coming quickly, so DOD contractors should become familiar with CMMC and get ready to be audited. We are hearing that DOD is serious about getting audits started quickly and that they won’t have much tolerance if their contractors aren’t ready. This could have a huge impact on small contractors who are not prepared for the rollout of CMMC.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
