Cybersecurity, Privacy, & AI

CMMC 2.0 Simplifies Requirements But Raises Risks for Government Contractors

For defense industrial base companies that will provide annual self-assessment affirmations within the CMMC 2.0 framework, steps can be taken to reduce the risk of future DOJ investigations and qui tam suits:

  • First, DIB companies should implement and maintain written cybersecurity policies that are consistent with the basic safeguarding requirements of FAR clause 52.204-21 and, if applicable, DFARS 252.204-7012.
  • Second, DIB companies should develop and foster a culture of compliance throughout the organization, including employee training, internal disclosure controls and/or board oversight of leadership’s management.
  • Finally, contractors should consider a CMMC certification to give themselves a competitive advantage and minimize the risk of other DIB companies not wanting to do business with them because of the cybersecurity risks they pose.
