Understanding the requirements for compliance with the interim DFARS rule on basic assessment and compliance with Cybersecurity Maturity Model Certification (CMMC) is not a task for the faint of heart. The rule requires that you accurately report the status of your compliance with the cybersecurity requirements in National Institute of Standards and Technology Special Publication (NIST SP) 800-171 and, for specific procurements in the initial CMMC pilot program and moving forward, that you address your level of compliance under the CMMC program. Preparation here is crucial as the Department of Defense (DoD) has announced that all contractors, except those solely furnishing Commercial Off-The-Shelf (COTS), must submit their basic compliance assessment into the Supplier Performance Risk System (SPRS) to be considered for future contract awards.
Continue Reading How Do You Address Solicitation Requirements and Contract Performance After CMMC Rollout?
Helping individuals, companies, and organizations understand key legal and practical considerations for promoting compliance and making better business decisions in these types of federal, state, and local government contracting matters MORE
The ABA’s 2020 Public Procurement Symposium
The American Bar Association Public Contract Law Section (PCLS) will be hosting the 2020 Public Procurement Symposium from Wednesday, November 18 to Friday, November 20, 2020. This virtual Symposium will feature industry leaders covering a wide range of hot topics in government contracting, including impacts of COVID-19 on federal contracting, investigations and enforcement matters in…
Susan Warshaw Ebner Quoted on New DOD Cybersecurity Rule in Law360
Government Contracts & Investigations Co-Chair Susan Warshaw Ebner recently discussed the impact of the new Department of Defense (DOD) rule that will apply to government contractors in an article by Law360. The interim rule, which was published on September 29 and goes into effect on November 30, 2020, requires that contractors at all…
CMMC Advisory Board – The Good News First
The Cybersecurity Maturity Model Certification (CMMC) Advisory Board (CMMC AB) made a major announcement on September 16, 2020, announcing that it has trained an initial group of provisional assessors. As an earlier posting explains, the CMMC establishes cybersecurity controls for certification of government contractors from Level 1, the basic set of controls that all government…
Cybersecurity Supply Chain Developments – What’s Next for CMMC?
It is now June 2020. The Department of Defense (DoD) initially projected that, this month, it would issue ten pilot Requests for Information (RFIs) as part of its efforts to develop the means for its implementation of the Cybersecurity Maturity Model Certification (CMMC) under DoD contracts. To date we have not seen any of the…