July 01, 2020 Procurement Lawyer

Cybersecurity: How to Successfully Navigate CMMC & the DFARS

by Reginald M. Jones & Mary Mikhaeel


Reginald M. Jones is a partner and Mary Mikhaeel is an associate with Fox Rothschild LLP in Washington, D.C.

The U.S. Department of Defense (DOD) has long been vigilant in maintaining the security of its own internal computer systems and networks. Now, it is requiring DOD contractors to take aggressive steps to secure their information systems that store, transmit, or process government data in the performance of DOD contracts. The big change for federal contractors is the addition of contract requirements designed to protect unclassified, but nonetheless sensitive, government data. Understandably, contractors want to know what is required, how those requirements can be met, how much it will cost, and whether associated costs are reimbursable.

The purpose of this article is to tie all of the seemingly complex and costly requirements together in one, easy-to-follow document. Part II explains the history of the federal regulations that govern cybersecurity because the rules have evolved over nearly 20 years, and without the history it is hard to understand the present. Parts III and IV provide practical guidance on how to navigate the Defense Federal Acquisition Regulation Supplement (DFARS) contract clauses and Cybersecurity Maturity Model Certification (CMMC) Version 1.0 requirements. Parts V and VI explain the consequences of noncompliance and provide a conclusion.

Premium Content For:
  • Public Contract Law Section
Join - Now