With the rollout of the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) requiring U.S. DoD contractors to become certified by meeting an appropriate level of cybersecurity standards, many DoD contractors are concerned with how they’ll pay for the costs associated with updating their systems and procedures.
Luckily, the DoD has announced that the costs to prepare for CMMC certification will be considered an “allowable cost.” Allowable costs are expenses specified in a contract that can be billed to the DoD. According to the CMMC website FAQ, “The cost of certification will be considered an allowable, reimbursable cost and will not be prohibitive.” The required CMMC level will be contained in sections L & M of the Request for Proposals (RFP). This means that DoD contractors will now be able to get reimbursement for CMMC Assessment and Preparation Services as well as the remediation work that needs to be done to meet the appropriate level of cybersecurity controls specified in each contract.
This comes as great news for U.S. companies, many of whom have struggled to navigate the hurdles of complying with DoD cybersecurity mandates over the last few years.
For more information on the CMMC and how to prepare for a CMMC Audit, see our Guide to CMMC preparation written specifically for DoD contractors. If you would like to speak with an expert now, please feel free to give us a call at (800) 481-1984 or schedule a CMMC consultation now.