The cost to comply with DoD's new cybersecurity requirements to be reimbursable on cost contracts | Georgia Tech Procurement Assistance Center

Law360 published an article recently with the title, “DoD Official Says Cyber is an Allowable Contractor Cost.” The article states that the U.S. Department of Defense (DoD) will allow defense contractors to treat the costs of bringing their cybersecurity programs in line with DoD requirements as an allowable cost and, therefore, reimbursable. Specifically, at the June 14, 2019 Professional Services Council’s Federal Acquisition Conference, DoD special assistant for cybersecurity Katie Arrington said, “security is an allowable cost.”

Further, Law360 reported that in May, DoD said it was developing a “Cybersecurity Maturity Model Certification” (CMMC) program to build on the Defense Federal Acquisition Regulation Supplement regulation (DFARS § 252.204-7012(b)(2)) that requires defense contractors to implement the security controls in the National Institute of Standards and Technology’s Special Publication (NIST SP) 800-171. The security controls are intended to protect covered defense information on nonfederal systems. DoD said the CMMC will require defense contractors to get third-party audits of their compliance with the NIST SP 800-171 controls, down through their supply chains.

Arrington told the conference attendees that the CMMC will be developed by DoD working in conjunction with the Johns Hopkins University Applied Physics Lab and Carnegie Mellon University Software Engineering Institute. The goal is to develop one unified standard for cybersecurity. This standard will include five different levels of required cybersecurity protections, from a level one of “basic hygiene,” which will be cheap and straightforward enough that a small business could meet it, to level five for “state-of-the-art” protections. Arrington said that DoD has planned 12 related industry days across the United States in July and August to work in a collaborative manner with defense contractors to improve cybersecurity practices in the CMMC plan. Acknowledgments to Daniel Wilson and Law360 for reporting these developments.

Continue reading at: Taft Stettinius & Hollister LLP

The cost to comply with DoD’s new cybersecurity requirements to be reimbursable on cost contracts

Contracting News

NDAA requires Contracting Officers to provide information to unsuccessful offerors for task and delivery orders valued under $5.5 million

Recent cases indicate viability of False Claims Act liability connected to federal cybersecurity standards

Justice Department recovers over $3 billion from False Claims Act cases in FY 2019

How the Navy SEALs wound up buying 450 counterfeit radio antennas

Lockheed Martin’s Marietta GA facility wins major C-130J contract

Contracting Tips

In certain circumstances the government may waive strict compliance with construction specifications

Getting Ready for CMMC (Resources and Links)

You may have a choice in how to calculate your size

GSA’s big changes in 2020, Part 2

COFC highlights importance of proving damages in CDA claims

GTPAC News

Save the date: 2020 Robins Air Force Base requirements symposium to be held March 26, 2020

GSA hosting Federal Acquisition Service Training Conference in Atlanta, GA April 14-16, 2020

DOAS and Georgians First Commission hosting Georgia Small Business Symposium Feb. 12, 2020

SBA hosting access to capital forum Sept. 16th

Recent DoD contract awards (Aug. 15 – 28)

Georgia Tech News

$25 million project will advance DNA-based archival data storage

Georgia Tech collaborates with IBM to develop software stacks for quantum computers

Georgia Tech’s 100,000th living engineering graduate

President Cabrera’s First Week

Research, sponsored activity awards top $1 billion at Georgia Tech