FAR Agenda Narrows, with CUI and OCI Rules Moving Forward
The Federal Acquisition Regulatory Council (FAR Council) released its Spring 2025 regulatory agenda as part of the government-wide Unified Agenda of Regulatory and Deregulatory Actions, unveiling a slimmed-down list of procurement rules.
Cybersecurity
DoD Finalizes CMMC Rule: What Defense Contractors Need to Know
The Department of Defense (DoD) has issued its long-awaited final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program into the Defense Federal Acquisition Regulation Supplement (DFARS). The rule establishes a three-year phased rollout that will ultimately apply to nearly every contractor and subcontractor handling federal contract information (FCI) and controlled unclassified information (CUI). The new requirements do not apply to awards that do not involve the handling or transmission of FCI or CUI.
Key Takeaways from DOJ’s Continued Cybersecurity Enforcement
On March 25, the U.S. Department of Justice (DOJ) announced a $4.6 million settlement with MORSECORP, Inc. (MORSE) over its alleged failures to satisfy cybersecurity requirements for federal defense contractors.
DoD Announces Cybersecurity Maturity Model Certification 2.0 Final Rule (Finally!)
After numerous fits and starts, on October 14, the Department of Defense (DoD) published a final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program. Born from documented deficiencies in the implementation of DoD-mandated security controls throughout the defense supply chain, the new CMMC program is a verification requirement to ensure contractors are complying with cybersecurity requirements at FAR 52.204-21, DFARS 252.204-7012, and DFARS 252.204-7020. Importantly, beginning in 2025, DoD RFPs will mandate the CMMC level contractors must meet in order to be eligible for award.
United States Files First Complaint Under the Civil Cyber-Fraud Initiative
On August 22, the United States filed its complaint-in-intervention (Complaint) against the Georgia Institute of Technology (Georgia Tech) and Georgia Tech Research Corp. (GTRC, collectively, defendants), asserting claims that the defendants knowingly failed to meet cybersecurity requirements in connection with certain Department of Defense (DoD) contracts in violation of the False Claims Act.
The government’s…
DoD Publishes Proposed Rule to Amend DFARS Provisions Related to the CMMC 2.0 Program
On August 15, the Department of Defense (DoD) published a proposed rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the proposed Cybersecurity Maturity Model Certification (CMMC) 2.0 program rule.
AI and International Trade Aspects of Contractual Agreements
We recently authored an article published by Law.com emphasizing the significance of incorporating specific international standards, such as ISO/IEC 27001 for data security and ISO 9001 for quality management, into contractual agreements when dealing with artificial intelligence (AI) and international trade. We discussed how this integration can help manage AI effectively, minimize risks, increase transparency, and foster trust among the parties involved.
Department of Defense Issues Class Deviation Delaying Application of NIST SP 800-171, Revision 3
On May 2, the Department of Defense (DOD) issued a class deviation to DFARS 252.204-7012 “to provide industry time for a more deliberate transition upon the forthcoming release of [National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Revision 3].”
Final Rule Expands Defense Industrial Base Cybersecurity Program Eligibility Criteria
On March 12, the Department of Defense (DOD) promulgated a final rule that expands the eligibility criteria for the Defense Industrial Base (DIB) Cybersecurity Program, a voluntary initiative aimed at bolstering the DIB’s ability to safeguard critical information.
Cyber Defense Magazine Article on CMMC Proposed Rule
We published an article titled “Department of Defense Publishes Long-Awaited CMMC Proposed Rule,” in the March 2024 edition of Cyber Defense Magazine.