DoD proposals to require cybersecurity certification

All faculty submitting proposals for Department of Defense (DoD) funding via federal contracts or as flow-through dollars from industry need to be aware of the upcoming requirements for cybersecurity practices and be prepared for the Cybersecurity Maturity Model Certification (CMMC).

CMMC is the federal government’s latest effort to standardize a set of cybersecurity practices, following previous familiar cybersecurity frameworks. Specifically, the CMMC is being rolled out by the DoD as a framework for protecting Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) associated with DoD-funded projects. As such, it will initially apply only to DoD-funded projects which work with CUI or FCI. The declared intention is to incorporate CMMC into the Defense Federal Acquisition Regulations, but that intention currently has no date associated with it.

DoD originally planned to issue CMMC-related Requests for Information and Requests for Proposals in late 2020, but now will likely issue those in 2021 due to the COVID-19 pandemic. In the interim, DoD will require universities to take a more rigorous approach to DoD-funded CUI-related cybersecurity than what is currently used.

As a result, the cybersecurity standards must be met before WSU can accept an award. You will see the requirements in the sponsor RFP’s. If you have questions, please contact Dan Nordquist by email at nordquist@wsu.edu.