Our Website Uses Cookies 


We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.


For more information, please contact us or consult our Privacy Notice.

Your binder contains too many pages, the maximum is 40.

We are unable to add this page to your binder, please try again later.

This page has been added to your binder.

Audit Process Remains A Mystery In DOD Cybersecurity Plan

February 5, 2020, Law360

Susan Cassidy is quoted in Law360 regarding the DoD’s implementation of cybersecurity requirements for defense contractors. Ms. Cassidy says that questions about the process, such as who will audit the thousands of contractors that need to be certified for cybersecurity compliance, how they will be audited and what options they will have if they disagree with an audit, remain unanswered. "This is the 'devil is in the details' part of it, in many ways the hardest part of this, because it's the practical implementation [of the plan]. And I'm hoping [the DOD] ... seeks industry input, because industry will think of practical issues that they may not have, because they're not on the business side of it."

 

She adds, “The accreditation process still seems like it's the long pole of the tent. The concern there, and I don't know if they've thought about this [although] I'm assuming they have, is what are the qualifications to be an accreditor ... and how are they going to vet that? Because you're going to have what appears to be a lot of smaller entities — it doesn't mean they're not good, but my guess is it'll be uneven. So how are they going to ensure quality?" If there is no clear avenue for appeal, contractors could be "stuck" with their CMMC level for as long as three years, which is how long a certification will last. "We need some due process in there.”

Share this article: