Description of the blog
On Aug. 15, the U.S. Department of Defense issued a proposed rule, Assessing Contractor Implementation of Cybersecurity Requirements, which seeks to implement contractual requirements for DOD contracts related to the recently proposed Cybersecurity Maturity Model Certification 2.0 Program.
While ABC recognizes and supports the DOD’s need to protect national security through cybersecurity efforts, as currently proposed the rule raises serious concerns regarding a lack of clear definitions and flexibility for federal contractors on DOD projects.
ABC members can take action now by submitting pre-generated comments to DOD through ABC’s Action Centeror the ABC Action app, calling on DOD to clarify and streamline CMMC 2.0 regulations. Comments on the proposed rule are due Oct. 15.
Previously, on Dec. 26, 2023, the DOD released a proposed rule and guidance documents to establish CMMC 2.0. As proposed, CMMC 2.0 would require federal contractors and subcontractors competing for DOD contracts to demonstrate continued compliance with a range of cybersecurity measures to maintain eligibility for performing and winning new federal awards. ABC joined coalition comments on that rule, submitted on Feb. 26, 2024, calling for more clarity and urging a flexible implementation of CMMC requirements. This rule has yet to be finalized.
The Aug. 15 proposed rule largely defers to CMMC 2.0 as previously proposed, with a focus on providing guidance to contracting officers as well as standard contracting clauses and solicitation provisions to incorporate CMMC 2.0.
However, the proposed rule includes new provisions of note, including:
For more information on the proposed rule and cybersecurity requirements impacting federal contractors, see Wiley Rein’s legal analysis of the proposal and ABC’s Cybersecurity Resource Guide. Click here to take action!
Annual Partners