While Cybersecurity Maturity Model Certification 2.0 is still a work in progress, federal contractors should beware of the existing DFARS cybersecurity requirements. The Department of Defense issued a memo on June 16, 2022, directing Contracting Officers to enforce penalties on DoD contractors that fail to comply with DFARS Clauses 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting) on contracts not subject to either DFARS 252.204-7020 (DoD Assessment Requirements) or, by implication, DFARS 252.204-7021 (CMMC), which his not currently in effect.
Compliance with DFARS Clauses 252.204-7012 is critical. DoD’s recent memo reminded Contracting Officers of the remedies for noncompliance, which include the government’s options of “withholding progress payments; foregoing remaining contract options; and potentially terminating [contracts] in part or in whole.”
Source:
