Jenner & Block

Client Alert: Cybersecurity as Acquisition Differentiator: New CMMC and Cybersecurity Interim Rule

Department of Defense representatives have signaled for months that the Department would begin to use cybersecurity as an acquisition differentiator, and a new interim rule brings the DoD one step closer to that goal.  This interim rule requires cybersecurity assessment scores (whether Basic Level self-assessments or Medium/High Level government assessments) to be published in the Supplier Performance Risk System.  DoD acquisition professionals will have access to the SPRS system, will be able to review assessment scores, and will “verify that an offeror has a current (i.e., not more than three years old, unless a lesser time is specified in the solicitation) Assessment, at any level, on record prior to contract award.”  In short, DoD has announced that cybersecurity will be scored and will become a differentiator in future acquisitions.

To read the full article, please click here.