After years of starts and stops, the United States Department of Defense (DoD) has finished its roll-out of the Cybersecurity Maturity Model Certification (CMMC) program with the release of its implementing regulations. This program, first proposed about seven years ago, requires contractors to verify compliance with existing cybersecurity requirements through self-assessments, third-party certifications, or DoD-led reviews.
Last week, the Office of Federal Procurement Policy (OFPP) and the Federal Acquisition Regulatory Council (FAR Council) released three new proposed deviations in their overhaul of the Federal Acquisition Regulation (FAR).
We recently wrote about the Trump administration’s efforts to streamline the Federal Acquisition Regulation (“FAR”). The FAR contains approximately 2,000 pages of regulations that guide hundreds of billions of dollars in acquisitions each year. Some clauses in the FAR are mandated by a statute while others have been adopted over time to fix a problem, institute an Executive Order or because regulators thought it would be a best practice. As detailed in a recent blog, the administration’s current effort is aimed at confining the FAR to provisions mandated by statute “or essential to sound procurement.”
Search
Recent Posts
Categories
Tags
- Code of Federal Regulations
- Commercial Products
- Contractor’s Action Plan
- Cybersecurity
- Cybersecurity Maturity Model Certification
- Defense Contractors
- Department of Defense
- Executive Order
- FAR
- Federal Acquisition Regulations
- Federal Acquisition Regulatory Council
- Federal Contractors
- Federal Contracts
- Federal Government Contractor
- Federal Government Shutdown
- Federal Procurement
- Government Shutdown
- Office of Management and Budget
- Procurement