DOD Finalizes CMMC Rules, Adding Cybersecurity and False Claims Act Compliance Risks

Source: MORGAN LEWIS

The long-anticipated Cybersecurity Maturity Model Certification (CMMC) requirements begin to take effect on November 10, as the US Department of Defense (DOD) published its Defense Federal Acquisition Regulation Supplement (DFARS) final rule that incorporates these new cybersecurity requirements into federal contracts.

Although CMMC requirements will be mandatory for some DOD contracts under which Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) is processed, stored, or transmitted, civilian agencies have discretion to include their own CMMC requirements in their contracts.

This development means that companies doing business with the DOD or civilian agencies should ensure that their cybersecurity systems are prepared to meet the CMMC audit and certification requirements.

Click HERE to learn more.