International Society of Primerus Law Firms

Companies Must Be Cybersecurity Compliant – Department of Defense (DOD) Proposes New Certification Process

Widerman Malek, P.L.
Melbourne, Florida

At the recent National Defense Industrial Association (NDIA) Procurement Division Meeting, Ms. Katie Arrington, the Special Assistant for Cybersecurity to the Undersecretary of Defense for Acquisition & Sustainment, updated attendees on DoD’s new approach to addressing cybersecurity vulnerabilities. She stated the DoD will no longer compromise cybersecurity over performance, cost or scheduling in government contracts. The Pentagon estimates billions of dollars are lost each year in expertise and trade secrets as adversaries and bad actors target our defense industrial base.

The DoD’s new approach to cybersecurity will be a collaborative effort between industry and the U.S. Government as they transition away from the current self-reporting requirements under National Institute of Standards and Technology (NIST) 800-171. Known as the Cybersecurity Maturity Model Certification (CMMC) system, this new approach will use a tiered system based on the level of cybersecurity a contractor will be required to maintain in order to perform certain services or provide certain products. The range of certifications will span CMMC 1 to CMMC 5 with CMMC 1 being basic cyber hygiene. Certification under the CMMC will be performed by third party vendors and the CMMC envisions contractors receiving security scores during the performance of their contracts.

The CMMC system will apply to ALL government contractors who want to do business with the DoD. It is currently anticipated that these new requirements will be introduced in the Requests for Information (RFIs) and Requests for Proposals (RFPs) under Sections “L” and “M” during late fiscal year 2020.
Widerman Malek believes it will be only a matter of time before all federal agencies mandate similar cybersecurity protocols.

The general information contained herein is intended for informational purposes only. It is not intended to be, and should not be construed as, legal advice or legal opinion on any specific facts or circumstances.

Find a Primerus Lawyer

Business Law News Consumer Law News Defense Law News International Business Law News

Primerus News Archive

  Select Month: Go

Find a Lawyer

Primerus Law Firms (A-Z) Primerus Lawyers (A-Z) Primerus Law Firms by Practice Area Primerus Law Firms by Location Primerus Law Firms by Language Map of Primerus Law Firms