The announcement of CMMC in Spring 2019 created confusion for contractors and suppliers regarding cybersecurity and compliance requirements. With the release of CMMC V1 and its implementation plan, it’s now clear that NIST 800-171 isn’t going away anytime soon. Contractors remain responsible for the determining the security of their subcontractors through their subcontractors’ self-attestation to 800-171. To enforce compliance, DCMA is stepping up audits of both contractors and suppliers and has already charged those that have misrepresented compliance under the False Claims Act.
CMMC Is Here, But NIST 800-171 Isn’t Going Away Anytime Soon
About the Author: Michael Hackmer
Michael Hackmer is part of the ISMS strategic team focused on cybersecurity. At ISMS Applications, our mission is to provide technology that cost effectively automates the building and maintenance of compliance policies for the small to medium sized business (SMB) market, fostering security across the entire supply chain.