Coming in September: Final CMMC DFARS Rule and More

Changes to the FAR/DFARS imposed by the recent Executive Order on Increasing our Nation’s Cybersecurity and the expected publication of the Final Rule for CMMC are now both expected in September, although the exact dates are still unknown. With all the expected changes, October promises to be a very busy time for defense contractors!

CMMC and the Cybersecurity Executive Order

The Executive Order issued May 12, 2021 on Improving the Nation’s Cybersecurity casts some clouds over the CMMC program. This article provides short-term guidance for defense contractors.

CUI and Contractor Cybersecurity Obligations Decision Trees

Are you looking for a straightforward way to understand what is/isn’t likely to be Controlled Unclassified Information (“CUI”)? Is your prime/mid-tier contractor asking you for copies of your System Security Plan (“SSP”), Plan of Action and Milestones (“POA&M”), 800-171 assessment results, or other information when you didn’t even realize you needed them? We have added CUI and cybersecurity obligation decision trees to the CMMC Information Institute’s collection of free tools. We are also hosting an event on May 7, 2021 at 11:00 AM to discuss the decision trees and help take the mystery out of CUI.

New DFARS Rule 252.239-7098

On April 2, 2021 DoD announced the creation of a new DFARS rule 252.239-7098 that will impact contractors establishing or maintaining computer networks for the Department.