Newsline

On Sept. 9, the U.S. Department of Defense issued a final rule implementing its Cybersecurity Maturity Model Certification Program into the Defense Federal Acquisition Regulation, requiring federal contractors and subcontractors competing for DOD contracts to demonstrate continued compliance with a range of cybersecurity measures in order to maintain eligibility for performing and winning new federal awards.

On Aug. 15, the U.S. Department of Defense issued a proposed rule, Assessing Contractor Implementation of Cybersecurity Requirements, which seeks to implement contractual requirements for DOD contracts related to the recently proposed Cybersecurity Maturity Model Certification 2.0 Program. As currently proposed, the rule raises serious concerns regarding a lack of clear definitions and flexibility for federal contractors on DOD projects.