Cybersecurity Compliance for Government Contractors



Your business is at risk of losing government contracts.

If you are storing data, transferring data, emailing files, saving files or viewing files on your computer that are used for project or product development for government contracts or subcontracts, you may need to reach one of the five levels of compliance. Each level of compliance requires different elements of security measures.  To learn more about which level you may be required to reach, refer to the Cybersecurity Maturity Model Certification Guide.

Any company working with federal contract information must provide evidence of security protections and compliance or risk the loss of contract awards and the ability to compete for future awards. Government contractors or subcontractors must demonstrate “adequate security” as specified by NIST 800-171 and have cyber-incident policies and procedures in place that meet the DFARS requirements.

The CMMC framework contains five maturing processes and 171 cybersecurity best practices progressing across five maturity levels. The CMMC maturity processes include cybersecurity activities to ensure they are consistent and reliable.

Some examples of lower level compliance requirements for even the smallest of contracts are:  password hygiene, multi-factor authentication, file storage security, and user privacy. Other, higher security contracts may require more complex measures such as remote access restrictions, audit logs, and data segregation.  

Missing just one of these requirements is enough to earn violations in compliance, which can in some cases result in losing eligibility for future contracts.

This is a Legal Mandate

In 2019, the Department of Defense (DoD) announced the implementation of the Cybersecurity Maturity Model Certification (CMMC), which ranks contractors based on their cyber hygiene and is based on the NIST 800-171 framework. Beginning in 2020, the CMMC will be a requirement for all DoD contractors to be able to participate in RFIs and bid on RFPs.


Recent Posts