Cybersecurity, Privacy, & AI

Trending Now
NT Concepts Appoints Mark Cabrey as CEO to Drive AI-Focused Defense Modernization • Malware Now Uses AI During Execution to Mutate and Collect Data, Google Warns • Bipartisan Senate Bill Calls for Agencies to Report AI-Related Job Cuts • Court Reimposes Original Sentence for Capital One Hacker • Pentagon Looks to Get Pulse of Small Businesses as CMMC Looms
Published on October 15, 2020 • Cyber

DOD Interim Rule on Cybersecurity Adds New Obstacles to Contract Award

DOD Interim Rule on Cybersecurity Adds New Obstacles to Contract Award

The Department of Defense has released a long awaited interim rule on contractor cybersecurity requirements, which creates a two-pronged approach for full Cybersecurity Maturity Model Certification compliance by October 2025.

First, contractors must submit NIST SP 800-171 assessments to the Supplier Performance Risk System to be eligible for any future contract or task/delivery order award. New contracts or task/delivery order awards will also require contractors to grant the government access to their facilities to perform higher level NIST SP 800-171 assessments. This requirement is related to, but separate from, CMMC.

Second, the interim rule will allow contracting officers to include CMMC requirements in future contracts with approval from the Office of the Under Secretary of Defense for Acquisition and Sustainment. All DoD contracts and subcontracts will require CMMC by October 2025.

More at Smith Pachter McWhorter

Stay compliant and protected with daily updates on cybersecurity, data privacy, and federal oversight with our Cyber & Privacy newsletter, delivering up-to-the-minute intelligence Monday–Saturday — Subscribe here.

© PubKGroup 2024