February 9, 2023

CMMC Spurs Cybersecurity Awareness, But Don't Sleep on Everything Else

Federal News Network
Eric S. Crusius

Government Contracts attorney Eric Crusius published an article on Federal News Network looking at cybersecurity requirements across federal government agencies. He recounts an experience giving a presentation on cybersecurity requirements for contractors in 2013 to illustrate how much has changed in the last decade, including the introduction of the U.S. Department of Defense's (DOD) Cybersecurity Maturity Model Certification (CMMC) program. He explains that despite some of the frustrations with the program, it has led contractors to think more carefully about cybersecurity, which in turn benefits national security. However, he also notes that a number of agencies beyond the DOD, such as the U.S. Department of Homeland Security, have implemented or will implement their own cybersecurity requirements. Between these new regulations and existing DOD requirements, the compliance landscape for contractors is becoming more and more complex — and that, he argues, creates a regulatory regime that is incongruent and less safe. The article concludes with a call for a single standard like CMMC to be adopted across the entire government and industry.

READ: CMMC Spurs Cybersecurity Awareness, But Don't Sleep on Everything Else

Related Practices

Government Contracts Data Strategy, Security & Privacy Global Cybersecurity and Privacy Policy and Regulation National Security, Defense and Intelligence Litigation and Dispute Resolution

Related Industry

Technology & Telecommunications
Subscribe to Updates and Events
Click to Sign Up

Related Insights