Defense contractors are grappling with a new rule requiring them to implement cybersecurity programs that leaves crucial questions unanswered, including the exact information companies will be required to safeguard and how the new obligations will be worked into contracts.
How Much Will Compliance Cost?
Further complicating matters, the DOD may also have underestimated how much it will cost contractors to comply with CMMC, as it has done in the past with other rules related to cybersecurity, McCarter & English LLP government contracts practice co-chair Alex Major said.
“Like with a lot of what we’ve seen so far … when it comes to assessing and addressing cybersecurity, the expectations in terms of costs by the government don’t necessarily meet the demands facing contractors,” he said. “It is unfortunately a very expensive endeavor … a necessary endeavor, but that also is one of the reasons that it is so expensive.”