“Although it was already apparent, recent events have made it even clearer that cybersecurity is an essential concern for government contractors. The coming year is poised to include many cybersecurity-related changes and developments…”
“The Department of Defense (DoD) interim rule for its Cybersecurity Maturity Model Certification (CMMC) Program went into effect November 30, 2020. Although full CMMC implementation will not be achieved until 2025, a number of steps must be taken by contractors in the coming year. First, registration and reporting of assessment scores in accordance with the DoD Assessment Methodology (based on National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171) in the Supplier Performance Risk System (SPRS) are now required of all DoD contractors and subcontractors that handle controlled unclassified information (CUI). (More on these CMMC and SPRS requirements is available here.) Second, the first “pathfinder” contracts requiring CMMC review have been announced by DoD. Contractors and subcontractors seeking to obtain these contracts, expected to be awarded in late 2021, will need CMMC certification by date of award in order to participate. More contract opportunities that require CMMC certification will be forthcoming this calendar year, meaning the race is on for contractors to come into compliance and line up for assessment, lest they be excluded from DoD contracting altogether.”
“We expect other federal agencies to closely watch the CMMC rollout, and perhaps themselves adopt the same or a similar third-party cybersecurity authorization requirement for contractors in the coming year…” Read the full article here.
Source: Top Cybersecurity Considerations for Government Contractors in 2021 – By Tina Reynolds and Rachael Plymale, January 11, 2021. Government Contracts Insights.