A recent memorandum from the Department of Defense (DoD) tightens its rules on cybersecurity standards in its contracts, including actions against non-compliant contractors.
The rampant threats in cybersecurity have made the DoD stricter about compliance in this field. While the Cybersecurity Maturity Model Certification (CMMC) program is still in the works, the DoD is making sure that contracts handling Covered Defense Information (CDI) have systems that meet the cybersecurity standards in National Institute of Standards and Technology (NIST) Special Publication 800-171.
The memorandum reiterates the contractors' responsibilities under NIST SP 800-171. If the contractor is noncompliant, it is considered a material breach, which is a prerequisite for the False Claims Act. The DoD can withhold payments, forgo options in the contract, or even terminate everything.
At the same time as the next iteration of the CMMC program, the DOJ also announced the Civil Cyber-Fraud Initiative, which targets federal contractors that fail cybersecurity standards.
What does it mean for the government contracting world?
If you are working on a DoD contract, make sure to pay close attention to cybersecurity standards. The CMMC may not yet be here, but contractors should be prepared for it. Contracts under the DoD are very delicate and significant to our country. The standards are set not to make things difficult for contractors, but to make things safer for the rest of us.
How can you prepare for such an audit? Get help from people who have been in the know for more than 20 years. Peter Witts CPA has helped a lot of government contractors and continues to do so through trusted software and systems that have met every compliance requirement there is. We do not stop learning and adapting our systems so that you can have worry-free government contract accounting.