The recent Securities and Exchange Commission (SEC) lawsuit against SolarWinds is a landmark in regulatory enforcement, signaling a new level of accountability for federal contractors. Cybersecurity standards have long been mandated, particularly for the defense industrial base (DIB), and now it’s clear that the regulations have teeth.
The impending Cybersecurity Maturity Model Certification (CMMC) 2.0 program is set to enforce compliance with well-established mandatory minimum cybersecurity standards, introducing audits that will scrutinize the measures contractors have in place.
Implications of these regulatory changes are wide-reaching, impacting how cybersecurity programs are developed, documented, and managed. The weight of this responsibility parallels the financial accountability held by CFOs, highlighting the importance of cybersecurity in today’s corporate governance. And, as the SEC lawsuit shows, individual executives are in the spotlight, too.
The expectation for transparent and accurate self-reporting is underscored by other recent legal actions, like the $9 million Aerojet Rocketdyne settlement, which demonstrates the legal and financial risks associated with misrepresentation. A recently unsealed lawsuit against Pennsylvania State University and its former chief information officer (CIO) points to a building trend of the government finally taking action and holding contractors accountable.
Too many DIB contractors haven’t taken compliance seriously enough. Our recent study, conducted by Merrill Research, found that only 19% of contractors have implemented vulnerability management solutions and only 25% have secure IT backup solutions, both of which are required by the Department of Defense (DOD).
The government’s message is clear: Organizations must prioritize cybersecurity, not only as a legal obligation but as a cornerstone of national defense strategy and corporate responsibility.
The consequences of ignoring compliance are steep, but you don’t have to go it alone. CyberSheath has a rich history of guiding customers through the nuances of Defense Federal Acquisition Regulation Supplement (DFARS) and CMMC compliance. Our managed services are designed to align with the latest regulatory demands, so you don’t have to worry about passing an audit.
CyberSheath’s involvement in the development of critical cybersecurity initiatives since 2008 positions the company as a knowledgeable ally in navigating the complexities of compliance.
In the wake of the SEC’s rigorous enforcement stance, CyberSheath’s managed services can help you avoid the pitfalls of non-compliance, which can lead to severe legal, financial, and reputational damage.
Reach out to our experts today, and learn how we can help you in your compliance journey.