CMMC 2.0 and You: A Look at the Department of Defense’s Proposed New Cybersecurity Rules

In 2019, the Department of Defense (DoD) announced the development of the Cybersecurity Maturity Model Certification (CMMC) Program, which was then implemented in 2020 as an interim rule. We blogged about that way back in 2020. This program was designed to give a certification to contractors based on the depth and effectiveness of their cybersecurity systems to help ensure that contractors implement required security measures. As DoD put it, “[t]he CMMC model consists of maturity processes and cybersecurity best practices from multiple cybersecurity standards, frameworks, and other references, as well as inputs from the broader community.” In late December 2023, the DoD issued proposed changes to the CMMC program for “CMMC 2.0,” a plan that DoD began work on back in 2021. In this post, we will take a general look at these proposed changes.


SBA To Provide Strategy For Small Businesses To Improve Cybersecurity

By the middle of this year, the U.S. Small Business Administration should have a strategy in place to assist small businesses with cybersecurity.

The 2017 National Defense Authorization Act is chock full of interesting legal changes for government contractors, and although we have chronicled it in depth, that does not mean there is nothing more to be mined from the whopping 1,587-page legislation.
