October 20, 2019

October 18, 2019

Department of Defense Subcontractors: Cybersecurity Compliance is Top Priority

The Office of the Under Secretary of Defense for Acquisition and Sustainment has been on a fast-track mission to shore up the cybersecurity measures of defense contractors and the supply chain to the Department of Defense (DOD). It is in the process of developing a Cybersecurity Maturity Model Certification (CMMC) requirement for those vendors.

Many DOD vendors and subcontractors are small businesses and could be left behind if they don’t focus on and invest in cybersecurity readiness.

It is the goal of the DOD to release CMMC Rev 1.0 in January 2020, and there have been public announcements that the DOD will be auditing existing contractors immediately to determine compliance with the requirements.

For those looking to get into the defense contractor industry, and who don’t already have a contract, it is anticipated that CMMC will be included in all Requests for Information starting in June of 2020, and in all Requests for Proposals in the fall of 2020.

In order to be certified, a company has to be accredited by a third-party company; no self-certification will be permitted. The CMMC model has 18 domains, and certification will be provided based upon the level requested, which is dependent on the work being performed for the DOD. The levels start with basic cyber hygiene and get more sophisticated from there. Certification of contractors will be dependent on the risk posed by the work being performed and the sensitivity of data shared and disclosed.

January is coming quickly, so DOD contractors should become familiar with CMMC and get ready to be audited. We are hearing that DOD is serious about getting audits started quickly and that they won’t have much tolerance if their contractors aren’t ready. This could have a huge impact on small contractors who are not prepared for the rollout of CMMC.

Copyright © 2019 Robinson & Cole LLP. All rights reserved.


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353