View of the Pentagon in Arlington, VA overlooking Washington Monument
Alerts Archive

DOD Issues Interim Final Rule Assessing Contractor Implementation of Cybersecurity Requirements

By Office of Advocacy

On September 29, 2020, the Defense Acquisition Regulations System issued an interim final rule to implement the DoD’s Cybersecurity Maturity Model Certification. The interim final rule seeks to assess contractor implementation of cybersecurity procedures requirements to further strengthen protection of classified materials throughout the supply chain. The rule allows for a five-year phase-in with different levels of certification requirements for DOD contracts. Additionally, the rule requires some contractors who want medium- or high-level work to open themselves up to a DOD review.

The new rule also requires that contractors undergo a third-party audit. The rule is written in such a way that most of the auditing will be done by third parties, but some might be done by the Cybersecurity Maturity Model Certification Audit Board itself.

Comments on the interim final rule are due November 30, 2020.

  • Read the Federal Register notice here.
  • Submit comments here.

Advocacy Contact: Major Clark III

Office of Advocacy 2026 posts 0 comments

Created by Congress in 1976, the Office of Advocacy of the U.S. Small Business Administration (SBA) is an independent voice for small business within the federal government.

You might also like More from author

Comments are closed.