1. Home
  2. |Insights
  3. |DoD Previews New Third-Party Cyber Certification Requirements

DoD Previews New Third-Party Cyber Certification Requirements

Client Alert | 1 min read | 06.17.19

The Department of Defense is moving closer to a third-party certification to ensure compliance with its standard cybersecurity requirements – what is being called the “Cybersecurity Maturity Model Certification” (CMMC). While still in the early stages of development, the CMMC would likely require all contractors subject to DFARS 252.204-7012 to obtain a certification issued by an independent third party stating that the contractor has sufficiently implemented its required cybersecurity controls. Holding this certification would be a “go/no-go” condition to compete for relevant DoD work. Although NIST SP 800-171 is the default cybersecurity standard currently required under -7012, DoD is also exploring the creation of a new standard that would govern the certification. DoD is projecting that the CMMC will start appearing in solicitations as early as Fall 2020, but much work remains to be done – including potential revisions to -7012 – and will no doubt be informed by extensive industry engagement. 

Contacts

Insights

Client Alert | 1 min read | 07.08.26

CAS Board Publishes Final Rule Rescinding CAS 404, 408, 409, and 4117

As part of its ongoing effort to conform the Cost Accounting Standards (“CAS”) to generally accepted accounting principles (“GAAP”), the CAS Board published a final rule rescinding CAS 408 (Accounting for costs of compensated personal absence) and CAS 411 (Accounting for acquisition costs of material).  The CAS Board also rescinded CAS 404 (Capitalization of tangible assets) and CAS 409 (Depreciation of tangible capital assets) but retained certain requirements of CAS 404 and 409, which will be located in new paragraphs of CAS 405 (Accounting for unallowable costs).  Specifically, the CAS Board retained the requirements currently located at CAS 404-50(d)(1), CAS 409-50(e)(5), CAS 409-50(j)(1), and CAS 409-50(j)(4), which the CAS Board explained are necessary to protect the Government’s interests.  Otherwise, the CAS Board determined that the requirements of CAS 404, 408, 409, and 411 overlapped with GAAP such that GAAP “may be applied reasonably as a substitute for CAS to support contract cost and pricing.”...