New Cybersecurity Mandates in Federal Contracts: Is Your Firm Ready?-New Cybersecurity Mandates in Federal Contracts Is Your Firm Ready Recording

Video Transcription

Video Summary

This online class presentation, led by attorney Eric Crucis, discusses the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program and its evolving federal cybersecurity requirements for contractors. Eric outlines the historical context, emphasizing the escalating cybersecurity standards across administrations and agencies, including proposed and final rules from FAR, CISA, DHS, and others, which increase incident reporting and compliance mandates.<br /><br />Central to the talk is the CMMC program's shift from self-assessments (NIST SP 800-171 compliance) toward mandatory third-party certifications to verify contractors’ cybersecurity practices. The program features three levels: Level 1 (basic self-certification), Level 2 (third-party assessment for controlled unclassified information), and Level 3 (highest security with additional controls and DoD assessments). The rollout begins December 2024, with full implementation by 2028, affecting over 220,000 defense supply companies. Compliance challenges include identification of Controlled Unclassified Information (CUI), managing subcontractor requirements, and potential False Claims Act risks from inaccurate certifications.<br /><br />Eric stresses proactive preparation due to tight timelines and limited certified assessors, potential impacts on contract awards, and cross-agency expansion of standards. The presentation concludes with a Q&A addressing scope, applicability, and negotiation strategies surrounding cybersecurity clauses in government contracts. Contractors are encouraged to monitor updates, strengthen internal policies, and integrate cybersecurity readiness into procurement strategies.

Keywords

Cybersecurity Maturity Model Certification

Department of Defense

Federal cybersecurity requirements

Third-party certification

NIST SP 800-171

Controlled Unclassified Information

False Claims Act

Government contracts compliance

Defense supply chain