CMMC:  The Legal and Contractual Implications

Date / Time:

August 31, 2021 / 3:10 pm ET

Event Type:


Event Name:



In person event


Visit this link to register.


The Department of Defense’s (DOD) Cybersecurity Maturity Model Certification (CMMC) is designed to provide increased assurance that contractors can protect sensitive unclassified information.  There are obviously important technical considerations for federal contractors as they prepare for CMMC.  As outside counsel to federal contractors, we see that CMMC is raising several key legal and contractual implications as well.  The legal and contractual considerations range from implementing adequate policies and procedures to comply with the ongoing evolution of federal cybersecurity regulations, President Biden’s Executive Order on Improving the Nation’s Cybersecurity, and how the contractor’s internal contracting processes will handle flow-down and risk shifting related to CMMC in relationships with other contractors.  In our view, how federal contractors manage these legal and contractual issues is just as important as how well prepared they are for CMMC from an IT standpoint.

Join Jon Williams and Anna Wright, attorneys on PilieroMazza’s Cybersecurity & Data Privacy Team, as they cover the legal and contractual implications of CMMC for government contractors.

They’ll focus on:

  • implementing a robust internal compliance program;
  • incident response plans to address potential cyber breaches;
  • flow-down of CMMC and other cybersecurity requirements between prime contractors and subcontractors;
  • cost allowability for CMMC implementation; and
  • other legal and contractual issues you may face as you prepare your business for CMMC adhere to current federal cybersecurity requirements.