Skip to Content
GeneralNewsPublications

Is Your Supply Chain Ready for Cyber Inspections?

December 11, 2019

DOD’s New CMMC Security Requirements for Government Contractors Includes Mandatory Certification Audits

The new Cybersecurity Maturity Model Certification (CMMC) expands the current self-customized NIST- based cyber security approach under the DFARS to add third-party verification and certifications.  This new standard applies to all prime contractors and subcontractors as well as direct and indirect suppliers.  The CMMC rates your maturity levels between 1-5 for both technical practices and actual processes across 17 domains.  It specifies new asset management, situational awareness and recovery obligations along with minimum security for contracts, full time security operation centers, incident response teams and inter-domain encryption.  Once finalized, failure to implement these requirements may lead to bid protests, suspension, disbarment or false claims violations for non-compliance.

For more information, contact Mark Maier, chair of our Government Contracts, Technology Transactions and Homeland Security practice groups.  See also DOD’s website here: https://www.acq.osd.mil/cmmc/.