DoD Will Require New Cybersecurity Standards in 2020: Could Other Agencies Be Next?

September 9, 2019
Alexander Gorelik - Smith Currie

The Department of Defense (DoD) has announced a new five-tier standard for cybersecurity certification, which it calls the Cybersecurity Maturity Model Certification, or “CMMC.” Taking an unusual approach to informing the industry, the DoD has provided only limited information about the new standard through its website and a “road tour” led by the newly appointed head of the DoD’s Chief Information Security Office (CISO), Ms. Katie Arrington.

During her recent presentation at the National Institute of Standards and Technology’s (NIST’s) Information Security and Privacy Advisory Board (ISPAB) meeting on August 8, 2019, Ms. Arrington revealed several new details about the requirements. Outlined below are the most significant facts from that presentation and the DoD’s website:

All companies doing business with DoD (and all tiers of subcontractors) will need to obtain CMMC certifications.

DoD will require the new certifications from all contractors (including suppliers and subcontractors) that are performing under a DoD contract. Even contractors that do not process or handle Controlled Unclassified Information (CUI) must obtain CMMCs.

Mr. Gorelik may be contacted at agorelik@smithcurrie.com




Copyright 2019 - Construction Defect Journal – All Rights Reserved