Weekly Email
Schedule
Contact
Cart
Login
Corporate Solutions
Corporations
FPS Corporate Solutions
empower prime and subcontractor organizations to take a more strategic and planned approach to the critical task of government contract compliance training.
Government Agencies
Invest in your agency's success with
FPS Corporate Solutions
government contracts training. We'll equip your team with the essential skills and knowledge to navigate complex regulations.
Small Businesses
FPS Corporate Solutions
for Supply Chain and Small Businesses provides industry-leading training at a low price for SBA 8(a), Native American, VOSB, HubZONE, and International Concerns.
Non-Profits
FPS Corporate Solutions
can package training for contract managers, grants administrators, attorneys, finance and more for research institutions, universities, and state governments.
Products
Events
Spend 1 to 5 days immersed in government contracting topics and networking.
Classroom Courses
Scheduled year-round, these courses offer you a hands-on way to learn.
Virtual Courses
Attend courses live in a virtual classroom providing real-time interaction with instructors.
Webinars
FPS Webinars bring you quality training in an easily digestible 1- 2-hour webinar format.
Certificate Programs
Build expertise in specialized areas - update your professional profile; advance your career.
Custom In-House
Bring training onsite for your team for a completely relevant and focused course experience.
Learning Resources
Connect
A repository of "just-in-time" informal learning resources critical to the government contractor.
How Can We Help?
Find answers to the most commonly asked questions right here.
Learning Paths
Career growth and excellence depend on continuous development. FPS provides learning paths for federal contractors of all levels.
Customer Stories
FPS empowers thousands of customers with high-quality, impactful, and effective learning experiences. Hear what they're saying.
Credentialing
Accreditation
Federal Publications Seminars offers Continuing Legal Education (CLE) credit US states that have mandatory CLE requirements, along with Continuing Professional Education (CPE) / NASBA credit. In addition, we are a provider of CLP credit, required by the Defense Acquisition Workforce.
Digital Badging
Digital badging is a modern way to display your achievements. FPS has partnered with Credly to provide you with a digital version of your credentials. You can earn FPS/Credly Digital Badges for select FPS courses and ALL FPS Certificate programs.
CMBOK
FPS proudly embraces the National Contract Management Association's (NCMA) ANSI Approved Contract Management Standard™ (CMS™) and the Contract Management Body of Knowledge (CMBOK®) as the cornerstone for hiring, career development, and training of contract management professionals.
Company
About Us
FPS offers the highest quality government contracts training in the industry - to help organizations stay current, compliant, and competitive.
Sponsorship
Partner with FPS to expose your brand, industry knowledge, and thought leadership to our government contracting professional communities.
Who We Work With
FPS serves government contractors, government agencies, accounting & consulting firms, non-profits, and more.
Newsroom
News and press releases from around the Federal Publications Seminars world.
Subscribe
Professional
Premium
OnePass
Unlimited access to all webinars, and more
for 1 year.
(12 months from the date of purchase)
Unlimited access to ALL FPS Online content including virtual courses, webinars and more
for 1 year.
(12 months from the date of purchase)
Unlimited access to ALL classroom and virtual courses, events, webinars, certificates and more
for 1 year.
(12 months from the date of purchase)
$895.00
/ year / person
Learn More
Group Quote
$2,195.00
/ year / person
Learn More
Group Quote
$3,195.00
/ year / person
Learn More
Group Quote
Professional
Unlimited access to all webinars, and more
for 1 year.
(12 months from the date of purchase)
$895.00
/ year / person
Learn More
Group Quote
Premium
Unlimited access to ALL FPS Online content including virtual courses, webinars and more
for 1 year.
(12 months from the date of purchase)
$2,195.00
/ year / person
Learn More
Group Quote
OnePass
Unlimited access to ALL classroom and virtual courses, events, webinars, certificates and more
for 1 year.
(12 months from the date of purchase)
$3,195.00
/ year / person
Learn More
Group Quote
Schedule
Contact
Cart
Login
Sign Up For Our Weekly Emails
Get the latest updates on special offers, courses, events, webinars and books from Federal Publications Seminars.
First Name
Last Name
Email
Phone
Title
Organization
Areas of Interest
Accounting, Costs and Pricing
Advanced Topics
Artificial Intelligence
Business Development
Compliance
Construction Contracting
Cybersecurity
FAR
Government Contracting
Grants
Intellectual Property
International Contracting
Personal Development
Small & Medium Businesses
Subcontracting
Sign Up
Thank You
You'll soon be receiving updates about special offers, events, & more.
Get 10% Off Your Next Purchase
Sign Up For Our Emails
Email
Name
Title
Organization
Sign Up
Thank You
You'll soon be receiving updates about special offers, events, & more.
Cart
Home
>
Resources
>
Connect
>
Browse
>
Industry Blogs
The Pentagon's CMMC Program Takes a Big Step Forward
Share This
Aug 27, 2024
The U.S. Department of Defense (DOD)
issued the proposed Defense Federal Acquisition Regulation Supplement (DFARS) rules
that will implement the Cybersecurity Maturity Model Certification (CMMC) program. These rules, which will be placed into all DOD contracts, will require all contractors to self-certify or obtain a third-party certification prior to beginning work on any DOD contracts. The kind of certification necessary will be dependent on the level of security necessary for the information generated or stored under the contract. Comments on the proposed rule are due on Oct. 15, 2024.
There are two sets of rules that will be utilized when the CMMC program is fully formed. The first, issued under Title 32 of the Code of Federal Regulations (CFR), establishes the CMMC program. These were initially proposed on Dec. 26, 2023, and the U.S. Office of Management and Budget (OMB) is reviewing the final regulations, with release expected before the end of the year. The second set of rules, which are the subject of this blog, are issued under Title 48 and will be placed in DOD contracts and refer back to the Title 32 rules.
If adopted as proposed, these rules will require contractors to have a current CMMC assessment at the time of award and maintain that assessment for the duration of the contract. Contractors without a required assessment will not be awarded a contract, and contractors who fail to maintain an assessment during the contract period will be subject to termination.
Further, to better track compliance, each contractor-assessed system will be tagged with a DOD unique identifier (UID), and if any of the systems supporting the performance of the contract change, the contractor is responsible for updating the UID with the contracting officer. The proposed rules offer important insights into the CMMC program:
Subcontractor Compliance.
DOD notes that prime and higher-tiered contractors will not have access to DOD databases to verify that companies have the certification level claimed. It is DOD's position that that is an issue for the parties to work out themselves. Prime contractors or higher-tiered subcontractors should address this issue in subcontract agreements.
Additional Incident Notifications.
In the proposed regulation, DOD states that contractors are required to "[n]otify the Contracting Officer within 72 hours when there are any lapses in information security …" It is unclear what a "lapse" in information security is versus incident notifications required under DFARS 252.204-7012. This, of course, adds an additional notification requirement for contractors with Controlled Unclassified Information (CUI) and adds a new one for contractors that have Federal Contract Information (FCI) (which maps to a CMMC Level 1 self-assessment).
Assessment Change Notifications.
Contractors will also have to notify the contracting officer within 72 hours if there is a change in CMMC certificate status or assessment level.
International Companies and Systems.
DOD makes clear that companies or systems outside the U.S. will be held to the same standards as their U.S.-based counterparts. There are additional challenges, including host nation restrictions on foreign review of information systems and finding a certified third-party assessment organization (C3PAO) capable of conducting a review outside the U.S.
Implementation Timing.
DOD notes a phased-in approach, but it is unknown at what point DOD will determine which programs will be part of the initial rollout (or if there will be a coordinated rollout across specific contracts). Because of that, contractors should prepare for the possibility that new DOD contracts will require a CMMC assessment in the first half of 2025.
False Claims.
These regulations continue to raise the specter of False Claims Act liability. Information systems will be tied to information-specific contracts, and affirmations will be required annually. Those affirmations will have to attest that no material changes have occurred to the information system. So if a contractor upgrades a system (outside the regular patching process) or merges with another entity, a new assessment will be required in order for the contractor to continue performing, and an affirmation that ignores these changes could open a company up to liability.
Level Determination.
Besides the CMMC clause, there is a separate clause where DOD will notify offerors which CMMC level will be required prior to award for each information system that will store/process data as part of performance under the contract. The level determination could raise some pre-award protests tied to DOD's categorization of the information as CUI versus FCI.
Further, confirming the broad applicability of CMMC, DOD confirmed that these requirements will be applicable to contracts below the Simplified Acquisition Threshold (which currently sits at $250,000). The only exceptions are for contracts solely for the purchase of Commercial Off-the-Shelf items or contracts under the $10,000 micro-purchase threshold.
These proposed rules represent continued affirmation to DOD's dedication to rolling out CMMC soon. Contractors in the DOD space should not delay in preparing for the rolling out of CMMC in 2025.
Experts
Eric Crusius
Partner, Holland & Knight
Eric, a Partner at Holland & Knight specializing in Government Contracts, Internet/Technology Law, and representing businesses of all shapes and sizes, was named a Super Lawyers Rising Star. This honor is only given to the top 2.5% of attorneys who meet certain criteria. Eric has appeared as a g...
See Full Bio
This Connect is Brought to You By...
Silver Sponsor