Cybersecurity in 2023 for Federal Contractors - What You Need to Know

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

2023 will be a pivotal year for federal contractors when it comes to cybersecurity as a number of important items are on the table and up for discussion.

NIST 800-171: As of 11/1/2022, NIST posted an analysis of public comments received, for which during the 90-day public comment period, more than 60 individuals and organizations submitted comments describing how they use the CUI series and provided feedback on potential updates for consistency with SP 800-53, Revision 5, and SP 800-53B. The comments also addressed implementation and usability issues and provided other suggestions to improve the publication.

CMMC: As of January 161, 2023, this was the official statement on the dodcio.defense.gov website: UPDATES TO THE CMMC WEBSITE WILL BE LIMITED DURING THE CMMC 2.0 RULEMAKING PROCESS.

And their own answer to their own posted question of "When will CMMC 2.0 be required for DoD contracts? "The publication of materials relating to CMMC 2.0 reflect the Department’s strategic intent with respect to the CMMC program; however, CMMC 2.0 will not be a contractual requirement until the Department completes rulemaking to implement the program. The rulemaking process and timelines can take 9-24 months. CMMC 2.0 will become a contract requirement once rulemaking is completed.”

New Civilian Requirements: Per Holland & Knight, DoD contractors that process, store, create or transmit CUI have long had to comply with the standards outlined in NIST SP 800-171. On the other hand, civilian contractors have had to comply with a much looser standard outlined in FAR 52.204-21. A new proposed rule that has not yet been published will likely align standards and also require civilian contractors to be compliant with NIST 800-171.^{^[1]}

About Arlington

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®. Learn more at arlingtonintel.com.

^{^[1]} https://www.hklaw.com/en/insights/publications/2023/01/cybersecurity-in-2023-what-government-contractors-should-expect

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

Learn More

DoD Strategy & Advisory

FedRAMP for DOD Contractors

TPRM & Supply Chain

NISP eMASS DCSA

Cybersecurity

Config. Mgmt.

NIST 800-171

Data Privacy

DoD Cloud Security

CMMC

vCO & vCISO

Awareness / Threat Training

Risk Assessments

FISMA

CP & IR

Non-DoD NIST RMF

About Arlington

Expertise

Focus

Values

DoD Briefs

Case Studies

FAQ's

Cybersecurity in 2023 for Federal Contractors - What You Need to Know

Arlington Security Portal

Arlington Security Portal

More Blog Posts

NISP RMF A&A eMASS Due to Celebrate Four Year Anniversary on May 6, 2023

DoD Establishes the Defense Management Institute (DMI), a non-profit, non-partisan Research Organization

NISP eMASS DAAPM DCSA Requirements for Risk Assessment Report (Appendix C) - Download Toolkit Today

SERVICES

RESOURCES

ABOUT