• senior official compliance affirmations;
• potential third-party audits; and
• remediation plans to address gaps, and limitations on the use of Plans of Action and Milestones (POA&Ms) to satisfy gaps in unmet standards.

The new regulation will likely bring compliance challenges and increased False Claims Act (FCA) risk. Since cybersecurity compliance is already a focus of aggressive enforcement against federal contractors through the Department of Justice (DOJ) Civil Cyber-Fraud Initiative (CCFI), DoD contractors and subcontractors must understand the CMMC Program, how it applies to them, and implications for their legal risk profile and mitigation strategies. Government contractors and subcontractors must be ready to promptly identify their existing cybersecurity controls, in-scope systems, and mechanisms for ensuring subcontractor and supplier compliance.