
Watch Out: How The DoD Is Updating Its Cybersecurity Acquisition Process

Peerless Tech Solutions
June 20, 2019

The Special Assistant to the Assistant Secretary of Defense for Acquisition for Cyber, Katie Arrington, recently issued a statement on the DoD's new program for all DoD contractors. The program, known as the Cybersecurity Maturity Model Certification (CMMC), will require vendors to seek certification from third-party assessment organizations.

Together with the Johns Hopkins University Applied Physics Laboratory and Carnegie Mellon University’s Software Engineering Institute, Arrington is looking to create a unified cybersecurity standard by combining various cybersecurity standards including some of the current requirements in the National Institute of Standards and Technology (NIST) Special Publication 800-171.

As a DoD contractor, you will need to meet this new standard, because self-certification has proven ineffective and will no longer be accepted. The risk of theft of Controlled Unclassified Information (CUI) from federal contractor systems has increased considerably over time, since some businesses have declared themselves compliant before adequately understanding or implementing the required controls. According to the Identity Theft Resource Center, there were 1093 data breach incidents in 2016 alone in the US, which was 40% more than in 2015.

What Happens If You’re Not Compliant?

As tempting as it may be, not complying with this new program will have consequences for your business, including:

  • Breach of Contract Damages
  • Termination for Default
  • Liquidated Damages
  • Termination for Convenience
  • Suspension/Debarment

These may seem like extreme measures, but they could potentially afflict your business. It has happened to several businesses, with the US Army processing 1033 suspensions and proposed debarment actions in 2015.

Another major risk is that the data your company holds will be more exposed to hacking. Meeting the standard will improve security at your organization.

Identify Vulnerabilities In Your Systems And Processes

Putting your business under third-party scrutiny for this program will show you where your systems need improving. This is a plus because it means you will then be able to streamline your business and prevent future data breaches.

Costs Associated With A Breach

If your business suffers a breach and government data is compromised because you didn't comply, you will likely face legal action and can expect to be fined. Private entities that are affected could also try to recover damages.

Handling a breach can also be costly, depending on how long it takes to identify it and subsequently contain it.

Loss Of Business

Customers are less likely to engage your services if you have experienced a breach because they no longer trust you. According to a study by Ponemon Institute, 65% of respondents reported losing trust in an organization that had been breached, and 31% said they would stop doing business with it.

There is a lot at stake for your business if you choose non-compliance. It doesn't have to be a complicated process either. You can ask for professional help to ensure you meet NIST controls and the soon-to-be-implemented program.

What To Do About It

Partnering with a professional security service will help your business understand and meet the necessary controls, thus keeping you in business for much longer. Peerless is a great partner for this aspect and will provide solutions for your security needs so you can focus on growing other aspects of the business.

Need help with NIST Compliance?

You've come to the right place! We're experts, specializing in the implementation of NIST Compliance. Follow our simple four-step process and we'll help you get NIST compliant in as little as 30 days. Get started today!
