Follow us

Reflecting recognition of the critical nature of cybersecurity concerns and precautions, the US Department of Defense ("DoD") has announced that certain cybersecurity protection measures may qualify as costs that defense contractors may claim in contracts.

On 3 June 2019 at the Professional Services Council's Federal Acquisition Conference, Katie Arrington, Special Assistant to the Assistant DoD Secretary for Acquisition for Cyber, stated succinctly: "Security is an allowable cost." She pointed to recent DoD directives that cite the need for "risk management solutions to assess, measure, and mitigate risk in real-time across multi-tier partner and supplier networks to achieve [DoD's] goal of cost, schedule and performance, as they are only effective in a secure environment." The DoD is working with John Hopkins University's Applied Physics Laboratory and Carnegie Mellon University's Software Engineering Institute to review and combine various cybersecurity standards into one unified standard for cybersecurity – the Cybersecurity Maturity Model Certification ("CMMC"). Defense contractors would have opportunities for input, including during a dozen collaborative sessions around the country in July/August 2019, and a CMMS plan is anticipated by January 2020. The terms of the plan, and its potential adoption (in same or similar form) by other US government entities will be worthy of further review.

Joseph Falcone photo

Joseph Falcone

Partner, New York

Joseph Falcone
Lawrence Savell photo

Lawrence Savell

Professional Support Lawyer, New York

Lawrence Savell

Related categories

Key contacts

Joseph Falcone photo

Joseph Falcone

Partner, New York

Joseph Falcone
Lawrence Savell photo

Lawrence Savell

Professional Support Lawyer, New York

Lawrence Savell
Joseph Falcone Lawrence Savell