Cybersecurity, Privacy, & AI

Trending Now
What Business Leaders Need to Know About Cybersecurity Certification and Enforcement in 2025–2026 • NRC Efficiency Plan to Reuse DOE, DoD Data Met With Skepticism • Closed Briefing Sets Stage For House Hearing On Anthropic’s Mythos and Cyber Risks • CISA, G7 Partners Release AI Software Bill of Materials Guidance • OMB to Refresh the Federal IT Dashboard
Protests & Claims Newsletter Cyber & Privacy Newsletter Compliance & Enforcement Newsletter Development Newsletter Transforming Procurement Newsletter
Published on February 13, 2020 • Cyber

Who Pays for CMMC Certification?

Who Pays for CMMC Certification?

Stokkete | Shutterstock

With the announcement of the Cybersecurity Maturity Model Certification version 1.0, attention is turning to the question of who is going to pay the significant costs associated with the certification and work necessary to comply. DoD has been less than clear about whether contractors can seek reimbursement for these costs, or claim costs as an allowable indirect cost.

Attorneys at Fox Rothschild speculate that the cost of certification itself might be covered, but not the greater costs associated with becoming compliant as a reimbursable direct cost. The CMMC level involved may be a factor. “Since complying with CMMC level 3 is the equivalent to complying with DFARS 252.204-7012, it should follow that, at a minimum, the cost of Level 3 certification should be an allowable cost,” they note.

More at Fox Rothschild

Stay compliant and protected with daily updates on cybersecurity, data privacy, and federal oversight with our Cyber & Privacy newsletter, delivering up-to-the-minute intelligence Monday–Saturday — Subscribe here.

© PubKGroup 2024