Preparing for the Rollout of the Cybersecurity Maturity Model Certification: It Is All about the Timing

Michael Joseph Montalbano

The Department of Defense (“DoD”) is expected to begin rolling out the Cybersecurity Maturity Model Certification (“CMMC”) program later this year. As a brief refresher, the CMMC is a certification system implemented by DoD to protect Controlled Unclassified Information (“CUI”) and other sensitive contract information. There are five CMMC levels of ascending sophistication. The most common CMMC levels are expected to be Level 1 and Level 3. Level 1 will require contractors to put into place basic safeguarding practices to protect federal contract information. Level 3 will require contractors to put into place more stringent safeguarding practices that are designed to protect CUI. Contractors receive their CMMC after they pass an assessment by a CMMC Third Party Assessment Organization (“C3PAO”) or an individual assessor.

Although DoD will not fully implement the CMMC program until 2026, more and more contracts will require offerors to hold a CMMC demonstrating that their organizations have implemented the necessary cybersecurity controls. A nightmare scenario for any defense contractor is to find itself unable to compete for a lucrative DoD contract due to insufficient time to obtain the required CMMC before proposal deadlines. Fortunately, the Accreditation Body (“AB”) that is responsible for rolling out the CMMC program has provided estimated timelines for contractors seeking a CMMC. Continue reading “Preparing for the Rollout of the Cybersecurity Maturity Model Certification: It Is All about the Timing”

A Federal Contractor’s Five-Part Guide to the CARES Act

On March 27, 2020, the Coronavirus Aid, Relief and Economic Security Act (“CARES Act”) was signed into law. This massive $2.2 trillion economic package provides a host of opportunities and resources for all varieties of federal contractors—from those who need financial assistance through the coronavirus pandemic to those who can leverage their resources to assist the federal government in its response.

The five timely posts below discuss discrete portions of the CARES Act, how they might affect federal contractors, and what federal contractors can do to take advantages of the many programs and opportunities offered under the Act. Please contact us for assistance with any of these, or other components, of the Act.

1. The CARES Act Provides Much Needed Financial Relief for Small Businesses

Michael Joseph Montalbano
This article discusses the expanded $349 billion loan program set aside for small businesses under the CARES Act.

2. CARES Act § 3610: An Immediate Lifeline for Qualifying Federal Contactors Displaced by COVID-19

Michael J. Slattery
This article discusses § 3610 of the CARES Act, which provides funds that federal agencies can use to alleviate disruptions to federal contractors caused by the coronavirus pandemic.

 3. CARES Act Grant Programs: Searching for Opportunity in the Coronavirus Relief Effort

Tjasse L. Fritz
This article discusses the wealth of grant programs available to federal contractors and other businesses under the CARES Act.

4. CARES Act: Significant Funds for Defense Department and Defense Contractors

Adam Proujansky
This article discusses the billions of dollars in loans, loan guarantees, and other financial assistance available through the Department of Defense to defense industry contractors.

5. New Contracting Authorities and Preferences Established under the CARES Act

Albert B. Krachman
This article discusses new contracting authorities delegated under the CARES Act as well as sole source opportunities available under the Act.

As COVID-19 issues permeate virtually all aspects of commerce nationally and internationally, we stand ready to help. Blank Rome’s Coronavirus (“COVID-19”) Task Force includes interdisciplinary resources across every business sector from insurance recovery to HR.

The CARES Act Provides Much Needed Financial Relief for Small Businesses

Michael Joseph Montalbano

On March 27, 2020, Congress passed, and the President signed into law, the Coronavirus Aid, Relief and Economic Security Act (“CARES Act”). The CARES Act is a massive $2.2 trillion law designed to stabilize the United States’ economy as the country deals with the novel coronavirus COVID-19.

One major component of the CARES Act is the $349 billion set-aside to provide relief for small businesses in the form of loans and other financial resources. Here we discuss the major components of this program that all small businesses need to know before deciding whether they should apply for one of these loans. Continue reading “The CARES Act Provides Much Needed Financial Relief for Small Businesses”

New DoD Cybersecurity Regulations Are Coming—Is Your Company Ready?

Michael Joseph Montalbano

In January, the Department of Defense (“DoD”) released more information on its much-anticipated Cybersecurity Maturity Model Certification (“CMMC”) framework. While a final rule is not expected until the fall, contractors need to begin preparing now so they do not miss out on DoD contract opportunities.

What Is the CMMC?

The CMMC is a certification system that all DoD prime and subcontractors must comply with to be eligible to compete for and perform future DoD contracts. Under the new CMMC requirements, an accreditation body tapped by DoD will begin training third-party assessors in the spring of 2020, who will in turn certify defense contractors under the CMMC. There will be five CMMC certification levels, of ascending sophistication:

    • Level 1 – Basic Cyber Hygiene
    • Level 2 – Intermediate Cyber Hygiene
    • Level 3 – Good Cyber Hygiene
    • Level 4 – Proactive
    • Level 5 – Advanced / Progressive

The contractor must comply with a combination of the following cybersecurity safeguards, depending on the certification level a contractor wants to achieve: (1) FAR 52.204 (Basic Safeguarding of Covered Contractor Information Systems); (2) NIST Special Publication 800-171 Revision 1 (“NIST Requirements”); (3) select subsets of a supplement to the NIST Requirements called NIST SP 800-171B; and (4) up to 171 “practices” identified in the CMMC. Though this may sound like a lot for contractors to process, DoD has released helpful appendices that put many of the requirements in easy-to-understand terms. Continue reading “New DoD Cybersecurity Regulations Are Coming—Is Your Company Ready?”

Agency Protests: An Emerging Tool and Potential Threat for Contractors

Merle M. DeLancey Jr. and Michael Joseph Montalbano

In May 2018, the Government Accountability Office (“GAO”) implemented a $350 filing fee for bid protests. There are differences of opinion regarding why GAO implemented the fee. GAO publicly states that the fee was implemented to cover the costs of its new Electronic Protest Docket System (“EPDS”). Many, however, believe the fee was implemented to deter the filing of frivolous protests. Regardless, there “may” be an unintended consequence of the protest filing fee—an increase in agency-level protests. Recently, several agency contracting officers have stated that they are handling more agency protests, and, in their opinion, it is a direct result of GAO’s protest filing fee. As a result, contractors should understand and be prepared to mitigate the risk of agency protests to protect their contracts and position themselves for new ones.

Pros and Cons of Agency Protests Continue reading “Agency Protests: An Emerging Tool and Potential Threat for Contractors”

Cybersecurity Could Make or Break Defense Contractors’ Chances of Future Awards

Michael Joseph Montalbano

Cost, schedule, and performance, the three pillars of defense procurement, may soon be accompanied by a fourth pillar: cybersecurity. As the nature of warfare evolves away from pure kinetic capabilities to the asymmetric, cyber realm, the Department of Defense (“DoD”) has had to grapple with the reality that its defense contractors are prime targets for infiltration. Indeed, in the February 2018 Worldwide Threat Assessment, Director of National Intelligence Daniel Coats specifically identifies defense contractors and IT communications firms as the primary focal points of China—one of the United States’ primary cyber adversaries. As a result of this new reality, DoD has begun the process of revamping the defense procurement system to place greater emphasis on cybersecurity. In response to these moves by DoD, contractors should take a fresh look at their current operations to identify their own cyber vulnerabilities as well as the vulnerabilities of their subcontractors, suppliers, and other partners. Without adequate preparation, contractors risk finding themselves at a significant disadvantage during future contract bids. Continue reading “Cybersecurity Could Make or Break Defense Contractors’ Chances of Future Awards”