In 2019, the Department of Defense (DoD) announced the development of the Cybersecurity Maturity Model Certification (CMMC) Program, which was then implemented in 2020 as an interim rule. We blogged about that way back in 2020. This program was designed to give a certification to contractors based on the depth and effectiveness of their cybersecurity systems to help ensure that contractors implement required security measures. As DoD put it, “[t]he CMMC model consists of maturity processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and other references, as well as inputs from the broader community.” In late December 2023, the DoD issued proposed changes to the CMMC program for “CMMC 2.0,” a plan that DoD began work on back in 2021. In this post, we will take a general look at these proposed changes.
Continue readingTag Archives: DFARS 252.204-7012
Government Contractor Cybersecurity: Q&A with the Director of the Kansas SBDC Cybersecurity Center
Whether you are an active small business federal contractor, or an entrepreneur still getting your business off the ground, you are going to need a cybersecurity plan. Many DoD contractors, in particular, face a pending deadline to comply with NIST 800-171, as mandated by DFARS 252.204-7012.
The Kansas SBDC Cybersecurity Center for Small Business wants to help.
SBA To Provide Strategy For Small Businesses To Improve Cybersecurity
By the middle of this year, the U.S. Small Business Administration should have a strategy in place to assist small businesses with cybersecurity.
The 2017 National Defense Authorization Act is chock full of interesting legal changes for government contractors, and although we have chronicled it in depth, that does not mean there is not necessarily more to be mined from the whopping 1,587-page legislation.