Advising Clients: Real-World Scenarios & the Proposed Cybersecurity Maturity Model Certification Program

CMMC is a program the U.S. Department of Defense (DoD) proposed to establish a third-party certification regime to validate that defense contractors are meeting security requirements to protect controlled unclassified information (CUI) that is processed, stored, or transmitted on their internal information systems. Under the proposed program, third-party certification is only required if a contractor is handling CUI. CMMC is designed to replace or augment DoD’s existing system, which relies on contractors’ self-attestations of cybersecurity compliance. CMMC is designed to replace or augment DoD’s existing system, which relies on contractors’ self-attestations of cybersecurity compliance.

Click here to view the full article on The Procurement Lawyer*.

©2024. Published in The Procurement Lawyer, Vol. 59, No. 4, Summer 2024, by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association or the copyright holder.