February 1, 2023

Volume XIII, Number 32

Advertisement

January 31, 2023

Subscribe to Latest Legal News and Analysis

January 30, 2023

Subscribe to Latest Legal News and Analysis

Do Business With the Federal Government? Here’s a 2022 Cybersecurity Recap: Part One – CMMC Developments

As we get settled into the New Year it is a good time to reflect on your company’s current data security and plans for 2023. In this five-part series, we reflect on the top important cybersecurity developments for companies that do business with the federal government (whether directly or as a supplier or reseller) and what we anticipate in the new year.

Today, we look at the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program. This program may once again face delays. In June 2022, DoD announced it finally expected to roll out CMMC by March 2023 as an interim final rule (discussed here). However, in December 2022, DoD announced it had not sent the proposed rule to the Office of Management and Budget (OMB) for review. In early January 2023, OMB’s Office of Information and Regulatory Affairs updated the rulemaking status of the CMMC program proposed rule and associated Open DFARS case and DoD appears to be contemplating additional changes to the program to reduce the burden on the Defense community including potentially exempting contracts exclusively for the acquisition of commercially available off-the-shelf items (COTS). 

Putting it Into Practice – What to Expect in 2023: It remains unclear when CMMC will be rolled out and whether that takes the form of a proposed rule or an interim final rule. In the meantime, defense contractors and their suppliers that handle Controlled Unclassified Information are required to implement the security controls in NIST SP 800-171 and report to DoD the results of their self-assessments against those requirements. We continue to monitor updates to the DoD rulemaking for any significant changes.

Copyright © 2023, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XIII, Number 19
Advertisement
Advertisement
Advertisement

About this Author

Townsend Bourne, Government Affairs Attorney, Sheppard Mullin Law FIrm
Associate

Ms. Bourne's practice focuses on Government Contracts law and litigation. Her experience includes complex litigation in connection with the False Claims Act, bid protest actions both challenging and defending agency decisions on contract awards before the Government Accountability Office and Court of Federal Claims, claims litigation before the Armed Services Board of Contract Appeals and the Civilian Board of Contract Appeals, investigating and preparing contractor claims, and conducting internal investigations. 

Ms. Bourne advises clients on a...

202-469-4917
Lauren Weiss Associate Washington D.C. Sheppard, Mullin, Richter & Hampton LLP
Associate

Lauren Weiss is an associate in the Government Contracts, Investigations & International Trade Practice Group in the firm's Washington, D.C. office.

Areas of Practice Lauren’s practice focuses on government contracts litigation, investigations, and counseling matters including the following areas:  Cybersecurity counseling, Internal Investigations, Regulatory compliance,  Bid protests before the U.S. Government Accountability Office, Civil False Claims Act litigation defense, and Transactional due diligence.

Prior...

202-747-2678
Advertisement
Advertisement
Advertisement