Posts

Showing posts with the label TRICARE

CMMC Cybersecurity Rules Are Rolling Into Defense Contracts

US defense contractors are now encountering CMMC cybersecurity requirements in their contracts. Ambika Biggs of Hirschler reviews the program’s structure, the levels at which contractors may self-certify and where inaccurate certifications have drawn False Claims Act scrutiny from the Justice Department. A US government focus on cybersecurity is not new. DFARS 252.204-7012 , which is included in defense contracts involving controlled unclassified information (CUI), became effective in 2016. However, after a defense department inspector general report in 2019 found that defense contractors were not consistently implementing security requirements to protect CUI, the defense department developed the cybersecurity maturity model certification (CMMC) program to assess implementation of cybersecurity requirements by defense contractors and subcontractors.  A final rule was published in November 2020 and became effective in 2024; the department began incorporating CMMC program requirem...