Cybersecurity & Data Privacy

BLOG: DoD's Upcoming Cybersecurity Maturity Model Certification (CMMC): Still on Target?

January 10, 2020
By Jon Williams and Anna R. Wright
PilieroMazza has been blogging a lot over the past year about the Department of Defense's (DoD) highly anticipated CMMC. And there has been a lot to say, from the early stages of CMMC as a new "overarching standard," to its first public draft release, through its first major streamlining, and finally to its latest public draft release in early December 2019. The pace of developments is expected to increase in 2020 as DoD releases a compliance checklist, finalizes the certification standards, and begins accrediting third parties that will ultimately issue CMMCs to contractors. With CMMC expected to become a requirement of certain DoD contracts by the end of this fiscal year, CMMC truly is a game-changer for any government contractor working directly for DoD or in the DoD supply chain.
[READ MORE]

BLOG: Open-Source Software in Federal Procurements: The Good, the Bad, and the Ugly, Part 1 – The Good

January 2, 2020
By Isaias "Cy" Alba IV
Open-source code is all the rage. With developers at Fortune 500 companies and hobbyists alike using it to make better products and cut development costs, it is ubiquitous in the commercial market, and government contractors are catching the buzz. Faced with ever-evolving software regulations, though, they need facts before dealing with a federal buyer. In this short blog series, we will walk through the key benefits, drawbacks, and risks associated with use of open-source code in government contracting, especially at the federal level. Indeed, when it comes to the use of open-source software, all contractors should be aware of the "good," the "bad," and the "ugly."
[READ MORE]

BLOG: Cybersecurity Maturity Model Certification (CMMC): The Final Countdown

December 18, 2019
By David T. Shafer and Anna R. Wright
PilieroMazza recently wrote about the Department of Defense's (DoD) release of revision (rev.) 0.6 of its Cybersecurity Maturity Model Certification (CMMC), which only addressed certification Levels 1–3. DoD has now released rev. 0.7. All DoD contractors will be required to obtain CMMC certification in the coming months to show their IT systems' capabilities with respect to protecting DoD sensitive information. Rev. 0.7 gives updates at all Levels. Additionally, rev. 0.7 contains new discussion and clarifications for Levels 1–3 and for the application of maturity levels to different capability domains. Below, we decipher primary concerns for DoD contractors.
[READ MORE]

BLOG: Turning Compliance Into a Competitive Edge: Cybersecurity Maturity Model Certification (CMMC) Levels 1 – 3 Update

November 26, 2019
By Anna R. Wright
PilieroMazza previously wrote at some length about the Cybersecurity Maturity Model Certification (CMMC), particularly following release of revision (rev.) 0.4 for public comment. The Department of Defense (DoD) has now released rev. 0.6 for public comment and review. Rev. 0.6 incorporates the public comments resulting from review of rev. 0.4 and, pursuant to those comments, has significantly streamlined the requirements present in rev. 0.4. DoD government contractors will need to prepare for the implementation of CMMC in order to use their compliance as a competitive edge.
[READ MORE]

BLOG: Start Preparing Now for DoD's Upcoming Cybersecurity Maturity Model Certification (CMMC)

September 27, 2019
By Jon Williams and Emily J. Rouleau
For a while now, we have been writing about the increasing impact of cybersecurity on the government contracting world, which, as Jon wrote, has become the "fourth pillar" of Department of Defense (DoD or the Agency) acquisitions. The latest evidence of this was discussed by our colleague, Dave Shafer, in his recent blog discussing a new DoD cybersecurity certification. This certification, called Cybersecurity Maturity Model Certification or "CMMC," will significantly alter the DoD-acquisition landscape next year. Indeed, when this certification requirement comes online, all DoD contractors will be required to have CMMC to bid on, win, and retain new DoD contracts.
[READ MORE]
Please fill following information to download presentation