DEFENSE & GOVERNMENT CONTRACTING

Vendor cybersecurity due diligence

Vendor cybersecurity due diligence in Defense and Government Contracting now runs through a specific federal compliance structure: the U.S. Department of Defense's Cybersecurity Maturity Model Certification program requires primes and subcontractors to verify third-party adherence to NIST SP 800-171 controls before contract award, and the U.S. Defense Contract Audit Agency is actively scrutinizing how firms document that verification. Compliance teams are mapping vendor assessment records against CMMC 2.0 Level 2 requirements now, well ahead of the phased rulemaking timeline.

Watch

  • CMMC 2.0 final rule: phased contract clause rollout starting FY2025
  • DCSA facility clearance reviews increasingly flag gaps in vendor access controls
  • NIST SP 800-171 Revision 3 control changes affecting existing supplier assessment templates
  • Defense Federal Acquisition Regulation Supplement proposed rules on flow-down obligations to subcontractors

Recent material activity in Defense & Government Contracting

Active monitoring in place across Defense & Government Contracting. Material developments related to vendor cybersecurity due diligence will appear here as they are published.