Cybersecurity continues to take center stage in the government contracts space. The rulemaking process has commenced on other related fronts, too. On April 27, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) released a Request for Comment on a draft attestation form the government will request of software providers providing software developed or with major updates occurring after September 14, 2022. The comment period is in effect for 60 days, concluding on June 26, 2023.
In addition to getting familiar with the CISA Common Form, contractors can take at least six other steps if they are handling CUI in order to achieve CMMC and FedRAMP compliance while related FAR and DFARS rules are in flux.
With the first quarter of the new year in the rearview mirror and promises of updates to the cybersecurity landscape to come throughout 2023, government contractors handling controlled unclassified information (CUI) under their (or their partners’) federal contracts should ready themselves now. Staying engaged and chipping away at the compliance block is vital to avoid growing pains later and/or before it’s too late.
