The new Cybersecurity Maturity Model Certification (CMMC) expands the current self-customized NIST- based cyber security approach under the DFARS to add third-party verification and certifications. This new standard applies to all prime contractors and subcontractors as well as direct and indirect suppliers. The CMMC rates your maturity levels between 1-5 for both technical practices and actual processes across 17 domains. It specifies new asset management, situational awareness and recovery obligations along with minimum security for contracts, full time security operation centers, incident response teams and inter-domain encryption. Once finalized, failure to implement these requirements may lead to bid protests, suspension, disbarment or false claims violations for non-compliance.
For more information, contact Mark Maier, chair of our Government Contracts, Technology Transactions and Homeland Security practice groups. See also DOD’s website here: https://www.acq.osd.mil/cmmc/.
Stay up to date with all the latest news and events.