October 24, 2021

Volume XI, Number 297


October 22, 2021

Subscribe to Latest Legal News and Analysis

Interim Rule Solidifies Cybersecurity Requirements for Defense Industrial Base

The Department of Defense (DoD) recently published an interim rule that sets forth its Cybersecurity Maturity Model Certification (CMMC) program plan, as well as new requirements for a “NIST SP 800-171 DoD Assessment Methodology.” NIST SP 800-171 relates to protection of sensitive, but unclassified information (within a company’s system.) The interim rule will be effective November 30, 2020, and comments are due the same day. You can read our in-depth breakdown of the key provisions here.

The interim rule has an immediate effect for DoD contractors and subcontractors that are already required to comply with the security controls in NIST SP 800-171, as it institutes a new assessment and reporting system to verify compliance prior to contract award.  With respect to the CMMC, the interim rule largely is consistent with what DoD previously has shared (see our articles here and here for more information). CMMC requirements may be included in solicitations and contracts through September 30, 2025 only where approved by the Office of the Under Secretary of Defense for Acquisition and Sustainment.  On or after October 1, 2025, CMMC will apply to all DoD solicitations and contracts (with very limited exceptions, including procurements solely for commercially available off-the-shelf items).

Putting it Into Practice. This rule has immediate implications for all companies that do business with DoD (either directly or indirectly). DoD contractors (and subcontractors) need to assess what type(s) of information they have as well as which assessment(s) will apply to them. Companies outside of the Defense Industrial Base can benefit from following closely what DoD is doing as it is expected other government agencies and regulators will adopt the same or a similar approach for cybersecurity in the near future.

Copyright © 2021, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume X, Number 283

About this Author

Townsend Bourne, Government Affairs Attorney, Sheppard Mullin Law FIrm

Ms. Bourne's practice focuses on Government Contracts law and litigation. Her experience includes complex litigation in connection with the False Claims Act, bid protest actions both challenging and defending agency decisions on contract awards before the Government Accountability Office and Court of Federal Claims, claims litigation before the Armed Services Board of Contract Appeals and the Civilian Board of Contract Appeals, investigating and preparing contractor claims, and conducting internal investigations. 

Ms. Bourne advises clients on a...

Nikole Snyder Associate DC Government Contracts, Investigations and International Trade

Nikole Snyder is an associate in the Government Contracts, Investigations and International Trade Practice Group in the firm's Washington, D.C. office.

Areas of Practice

Nikole represents government contractors in various government contracts litigation and counseling matters, including in the following areas:

  • Civil False Claims Act litigation defense;

  • Cybersecurity counseling;

  • Internal investigations;

  • Small business issues under the Small Business Administration regulations, including...