How Contractors Can Prep for DOD Cybersecurity Rule

Woods Rogers’ Principal and Cybersecurity & Data Privacy Practice Chair Beth Waller and Of Counsel Patrick Austin authored a column for Law360 advising defense contractors and subcontractors on strengthening their compliance posture in advance of the highly anticipated Cybersecurity Maturity Model Certification, better known as CMMC 2.0, which is set to roll out early next year. After the U.S. Department of Defense announced its implementation timeline, “the window of time to try and get CMMC compliant may be starting to close,” Beth and Patrick write.

“The framework for CMMC 2.0 is made up of three ‘levels’ of security controls that defense contractors and subcontractors will be expected to meet based on the sensitivity of information a contractor accesses during the contract,” the authors note. They outline the three levels in terms of who needs to comply and offer suggestions on preparing for CMMC. “Now is the time for defense contractors and subcontractors to analyze their existing security compliance posture and determine whether there are any significant gaps that would make complying with CMMC 2.0 challenging.”

You can access their Law360 column here.