Accessibility Tools

Skip to main content

Access World-Class NIST RMF Documentation with ASP Learn More

Cybersecurity in 2023 for Federal Contractors - What You Need to Know

2023 will be a pivotal year for federal contractors when it comes to cybersecurity as a number of important items are on the table and up for discussion.

NIST 800-171:  As of 11/1/2022, NIST posted an analysis of public comments received, for which during the 90-day public comment period, more than 60 individuals and organizations submitted comments describing how they use the CUI series and provided feedback on potential updates for consistency with SP 800-53, Revision 5, and SP 800-53B. The comments also addressed implementation and usability issues and provided other suggestions to improve the publication.

CMMC:  As of January 161, 2023, this was the official statement on the dodcio.defense.gov website: UPDATES TO THE CMMC WEBSITE WILL BE LIMITED DURING THE CMMC 2.0 RULEMAKING PROCESS.

And their own answer to their own posted question of "When will CMMC 2.0 be required for DoD contracts? "The publication of materials relating to CMMC 2.0 reflect the Department’s strategic intent with respect to the CMMC program; however, CMMC 2.0 will not be a contractual requirement until the Department completes rulemaking to implement the program. The rulemaking process and timelines can take 9-24 months. CMMC 2.0 will become a contract requirement once rulemaking is completed.”

New Civilian Requirements:  Per Holland & Knight, DoD contractors that process, store, create or transmit CUI have long had to comply with the standards outlined in NIST SP 800-171. On the other hand, civilian contractors have had to comply with a much looser standard outlined in FAR 52.204-21. A new proposed rule that has not yet been published will likely align standards and also require civilian contractors to be compliant with NIST 800-171.[1]

About Arlington


We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.  Learn more at arlingtonintel.com.

[1] https://www.hklaw.com/en/insights/publications/2023/01/cybersecurity-in-2023-what-government-contractors-should-expect