CMMC: The Legal and Contractual Implications
Date / Time:
August 31, 2021 / 3:10 pm ET
In person event
Visit this link to register.
The Department of Defense’s (DOD) Cybersecurity Maturity Model Certification (CMMC) is designed to provide increased assurance that contractors can protect sensitive unclassified information. There are obviously important technical considerations for federal contractors as they prepare for CMMC. As outside counsel to federal contractors, we see that CMMC is raising several key legal and contractual implications as well. The legal and contractual considerations range from implementing adequate policies and procedures to comply with the ongoing evolution of federal cybersecurity regulations, President Biden’s Executive Order on Improving the Nation’s Cybersecurity, and how the contractor’s internal contracting processes will handle flow-down and risk shifting related to CMMC in relationships with other contractors. In our view, how federal contractors manage these legal and contractual issues is just as important as how well prepared they are for CMMC from an IT standpoint.
They’ll focus on:
- implementing a robust internal compliance program;
- incident response plans to address potential cyber breaches;
- flow-down of CMMC and other cybersecurity requirements between prime contractors and subcontractors;
- cost allowability for CMMC implementation; and
- other legal and contractual issues you may face as you prepare your business for CMMC adhere to current federal cybersecurity requirements.