On Aug. 15, the U.S. Department of Defense issued a proposed rule, Assessing Contractor Implementation of Cybersecurity Requirements, which seeks to implement contractual requirements for DOD contracts related to the recently proposed Cybersecurity Maturity Model Certification 2.0 Program.
CMMC 2.0 would require federal contractors and subcontractors competing for DOD contracts to demonstrate continued compliance with a range of cybersecurity measures to maintain eligibility for performing and winning new federal awards.
The proposed rule would implement a number of new cybersecurity provisions, including:
- A requirement in the contract clause for contractors to notify contracting officers within 72 hours of “any lapses in information security”
- A statement that a CMMC 2.0 certification is only current if there have been “no changes in CMMC compliance since the date of the assessment”
- A requirement for contractors on DOD contracts to use only information systems that have an appropriate CMMC 2.0 certification, regardless of whether the data on these systems is covered by CMMC 2.0
While ABC recognizes the importance of implementing necessary cybersecurity protocols to enhance national security, as currently proposed, these rules fail to provide clarity and will cause increased costs and confusion for federal contractors.
Tell the DOD to clarify and streamline these new cybersecurity rules today!