Why Government Contactors are Uncertain of DoD’s CMMC Regulations

After the Department of Defense (DoD) released the Cybersecurity Maturity Model Certification in Jan. 2020, contractors have begun to question the logistics and implementation of the new cybersecurity regulations. The scale and cost of the regulation change has been clouded by uncertainty.

One of the primary concerns is the continued emphasis that the CMMC is a flexible blueprint for effective cybersecurity and will not impose significant compliance or audit costs on smaller contractors and subcontractors. However, contractors have concluded that, at a minimum, the CMMC will require prime contractors to thoroughly assess their existing cybersecurity infrastructure, making it nearly impossible to regulate without cost.

Second, concern has circulated around whether or not CMMC will deter commercial companies and start-ups from participating in DOD contracts. Prior to CMMC contractors have used smaller companies to rapidly contract commercial companies that may prove to have useful military application.

Now, the DD has indicated that CMMC requirements will ultimately be incorporated into OTA contracts, primarily awarded to smaller businesses, raising the specter of increased cybersecurity compliance costs to work under contract. For small, commercially-focused companies that may be unable to readily fund the necessary upgrades.

Third, contractors have asked for clarification on the impact on suppliers that operate further down the DoD supply chain. If the DoD will require downstream suppliers to achieve the same CMMC certification as the prime contractor, that could significantly increase the cost of critical components and drive away potential suppliers.

Potomac Officers Club will host its CMMC Forum 2020 on April 2. Click here to register for the event.

Katie Arrington, chief information security officer at the Office of the Assistant Secretary of Defense for Acquisition and a 2020 Wash100 Award recipient, will serve as a keynote speaker at the CMMC Forum 2020. She will address the CMMC’s timeline, how the certification process could change and will provide a memorandum of understanding with a newly established CMMC accrediting body.

A full expert panel will include Ty Schieber, senior director of executive education and CMMC-AB chairman of the University of Virginia and Richard Naylor of the Defense Counterintelligence and Security Agency (DCSA) among other members of the federal sector and industry.

Register here to join Potomac Officers Club for its CMMC Forum 2020 on April 2nd to learn about the impact DoD’s CMMC will have on cybersecurity practices, supply chain security and other aspects of the federal market.

Check Also

A-10 Thunderbolt II

USAF to Hold Virtual Industry Event for Aircraft Control System Redesign Effort

The U.S. Air Force plans to host a virtual industry event from Aug. 25 to 26 to answer queries and obtain input in line with the redesign of the A-10 Thunderbolt II aircraft's central interface control system.