While attention is necessarily focused on the nation’s response to COVID-19, defense contractors should not put aside the need to prepare to meet DoD’s Cybersecurity Maturity Model Certification (CMMC) requirements. In fact, early this month the CMMC Accreditation Body announced on its website it had signed a Memorandum of Understanding (MOU) with DoD related to implementing CMMC, and is working to make more information about the agreement public. Even if DoD’s phased CMMC rollout is delayed, it is not likely to be materially changed. COVID-19 may provide immunity to those who go through it, and hopefully a vaccine for those who don’t, but these protections will not apply to cybersecurity threats to the defense industrial base. The rollout of these CMMC requirements is a matter of “when,” not “if.” Coupled with the structural change from self-certification to third-party audit, CMMC represents a sea change in the compliance requirements facing DoD contractors (and potentially those doing business with other government entities) that DoD contractors will be unable to implement overnight. DoD contractors – and their supply chains – should be proactive in responding to these requirements if they want to continue to do business with the Defense Department.

Click here to read the full article.