The Department of Defense published a much-anticipated Proposed Rule at the end of last year for its Cybersecurity Maturity Model Certification program. The proposed rule is our first comprehensive look at the latest iteration of the CMMC program (referred to as CMMC 2.0), which will become effective once final changes are made to DoD regulations for contractors. The program attempts to streamline the various DoD cybersecurity requirements and provide greater flexibility in the certification process.
Nikole Snyder
Nikole Snyder is an associate in the Governmental Practice in the firm's Washington, D.C. office. She is a lead associate of the firm’s Government Business Group.
Updated Timeline for DoD’s Cybersecurity Certification Program
The Department of Defense recently provided some clarity on the timeline for implementation of its Cybersecurity Maturity Model Certification (CMMC) program. The DoD now expects to complete documentation to submit to the Office of Management and Budget for its rulemaking process by July 2022. And, it plans to issue interim final rules by March 2023. If DoD sticks to this new timeline, the CMMC requirements could begin appearing in solicitations for government contracts as early as May 2023 (60 days after the rules are published).
White House Focuses on Improving the Cybersecurity of National Security Systems
President Biden recently signed a National Security Memorandum on cybersecurity. This memorandum was required by an earlier executive order, which we previously have discussed here. The new memorandum (NSM) requires certain network cybersecurity measures for any government information system that is used for highly sensitive national security purposes. The requirements go into effect on a rolling basis over the next 6 months.
2021 Cybersecurity Recap for Government Contractors (and What to Expect in 2022) – Part 4 of 4: Cybersecurity Maturity Model Certification (“CMMC”) 2.0
As 2021 draws to a close, we wanted to share a recap of some of the most important cybersecurity developments we covered this past year along with some suggestions on what companies (particularly those that do business with the federal government) should expect in 2022. This is part four of a four-part series (you can read Part 1 here, Part 2 here, and Part 3 here).
2021 Cybersecurity Recap for Government Contractors (and What to Expect in 2022) – Part 3 of 4: Cyber Incident & Ransomware Payment Reporting Legislation
As 2021 draws to a close, we wanted to share a recap of some of the most important cybersecurity developments we covered this past year along with some suggestions on what companies (particularly those that do business with the federal government) should expect in 2022. This is part three of a four-part series (you can read Part 1 here and Part 2 here).
2021 Cybersecurity Recap for Government Contractors (and What to Expect in 2022) – Part 2 of 4: Department of Justice (DOJ) Civil-Cyber Fraud Initiative
As 2021 draws to a close, we wanted to share a recap of some of the most important cybersecurity developments we covered this past year along with some suggestions on what companies (particularly those that do business with the federal government) should expect in 2022. This is part two of a four-part series (you can read Part 1 here).
2021 Cybersecurity Recap for Government Contractors (and What to Expect in 2022) – Part 1 of 4: Biden’s Cybersecurity Executive Order (EO 14028)
As 2021 draws to a close, we wanted to share a recap of some of the most important cybersecurity developments we covered this past year along with some suggestions on what companies (particularly those that do business with the federal government) should expect in 2022. This is part one of a four-part series.
Updates Announced to Department of Defense Cybersecurity Certification Program
The Department of Defense (DOD) recently announced several changes to its Cybersecurity Maturity Model Certification program. The program applies to those who serve as contractors and suppliers to the DOD. As described in our sister blog, the new version of the program – “CMMC 2.0” – has several important differences from the original program. CMMC 2.0 is anticipated to go into effect anywhere from nine to 24 months from now.
Interim Rule Solidifies Cybersecurity Requirements for Defense Industrial Base
The Department of Defense (DoD) recently published an interim rule that sets forth its Cybersecurity Maturity Model Certification (CMMC) program plan, as well as new requirements for a “NIST SP 800-171 DoD Assessment Methodology.” NIST SP 800-171 relates to protection of sensitive but unclassified information (within a company’s system). The interim rule will be effective November 30, 2020, and comments are due the same day. You can read our in-depth breakdown of the key provisions here.
CMMC Version 1.0: Enhancing DOD’s Supply Chain Cybersecurity
Cybersecurity Maturity Model Certification (“CMMC”) v.1.0, after releasing several draft versions of the document over the past year. In an effort to enhance supply chain security, the CMMC sets forth unified cybersecurity standards that DOD contractors and suppliers (at all tiers, regardless of size or function) must meet to participate in future DOD acquisitions. Through the CMMC, DOD adds cybersecurity as a foundational element to the current DOD acquisition criteria of cost, schedule, and performance. We have previously discussed CMMC on our Government Contracts & Investigations Blog.
CISA Releases “Cyber Essentials” to Assist Small Businesses
The Department of Homeland Security Cybersecurity & Infrastructure Security Agency recently released its Cyber Essentials guide. Consistent with the NIST Cybersecurity Framework, these Cyber Essentials provide “a starting point to cyber readiness,” and are specifically aimed at small businesses and local government agencies that may have fewer resources to dedicate to cybersecurity. The guide suggests a holistic approach for managing cyber risks, and is broken down into six “Essential Elements of a Culture of Cyber Readiness:” (1) Yourself; (2) Your Staff; (3) Your Systems; (4) Your Surroundings; (5) Your Data; and (6) Your Actions Under Stress. The final section of the guide provides a list of steps that can be taken immediately to increase organizational preparedness against cyber risks. These include backing up data, implementing multi-factor authentication, enabling automatic updates, and deploying patches quickly.