DoD Announces Cybersecurity Maturity Model Certification 2.0 Final Rule (Finally!)
After numerous fits and starts, on October 14, the Department of Defense (DoD) published a final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program. Born from documented deficiencies in the implementation of DoD-mandated security controls throughout the defense supply chain, the new CMMC program is a verification requirement to ensure contractors are complying with cybersecurity requirements at FAR 52.204-21, DFARS 252.204-7012, and DFARS 252.204-7020. Importantly, beginning in 2025, DoD RFPs will mandate the CMMC level contractors must meet in order to be eligible for award.
United States Files First Complaint Under the Civil Cyber-Fraud Initiative
On August 22, the United States filed its complaint-in-intervention (Complaint) against the Georgia Institute of Technology (Georgia Tech) and Georgia Tech Research Corp. (GTRC, collectively, defendants), asserting claims that the defendants knowingly failed to meet cybersecurity requirements in connection with certain Department of Defense (DoD) contracts in violation of the False Claims Act.
The government’s…
DoD Publishes Proposed Rule to Amend DFARS Provisions Related to the CMMC 2.0 Program
On August 15, the Department of Defense (DoD) published a proposed rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the proposed Cybersecurity Maturity Model Certification (CMMC) 2.0 program rule.
AI and International Trade Aspects of Contractual Agreements
We recently authored an article published by Law.com emphasizing the significance of incorporating specific international standards, such as ISO/IEC 27001 for data security and ISO 9001 for quality management, into contractual agreements when dealing with artificial intelligence (AI) and international trade. We discussed how this integration can help manage AI effectively, minimize risks, increase transparency, and foster trust among the parties involved.
Department of Defense Issues Class Deviation Delaying Application of NIST SP 800-171, Revision 3
On May 2, the Department of Defense (DOD) issued a class deviation to DFARS 252.204-7012 “to provide industry time for a more deliberate transition upon the forthcoming release of [National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Revision 3].”
Final Rule Expands Defense Industrial Base Cybersecurity Program Eligibility Criteria
On March 12, the Department of Defense (DOD) promulgated a final rule that expands the eligibility criteria for the Defense Industrial Base (DIB) Cybersecurity Program, a voluntary initiative aimed at bolstering the DIB’s ability to safeguard critical information.
Cyber Defense Magazine Article on CMMC Proposed Rule
We published an article titled “Department of Defense Publishes Long-Awaited CMMC Proposed Rule,” in the March 2024 edition of Cyber Defense Magazine.
Department of Defense Publishes Long-Awaited CMMC Proposed Rule
On December 26, the Department of Defense (DoD) published its long-awaited Cybersecurity Maturity Model Certification (CMMC) Program proposed rule, which places comprehensive cybersecurity and information security requirements on DoD contractors and subcontractors.
Cyber Incident Reporting May Be “Material” for Federal Contractors
Last month, the Federal Acquisition Regulatory Council proposed new cybersecurity and incident reporting regulations for federal contractors on behalf of the Department of Defense (DoD), the General Services Administration (GSA), and the National Aeronautics and Space Administration (NASA). The proposed regulations include data incident reporting requirements the government explicitly designated as material to government contractors…
Register Now | Demystifying Controlled Unclassified Information Requirements Webinar
Please join us on November 2 for an engaging webinar, Demystifying Controlled Unclassified Information Requirements: Overview of the Regulatory Landscape and Strategies for Implementing a Successful Compliance Program, alongside Stacy High-Brinkley from BDO. Together, we will illuminate the dynamic landscape of federal Controlled Unclassified Information (CUI) requirements.