DOD announces first CMMC pilot contract nominees

lock and keyhole 

The Defense Department has released the first contracts that could include the Cybersecurity Maturity Model Certification requirement for contractors that’s aimed to make the defense industry base’s infrastructure more secure.

The Dec. 15 announcement calls out seven pilot contracts: the Technical Advisory and Assistance contract for the Missile Defense Agency; the Azure Cloud Solution, Mobility Air Force Tactical Data Links, and Consolidated Broadband Global Area Network Follow-On contracts for the Air Force; and the Navy’s Integrated Common Processor, F/A-18E/F Full Mod of the SBAR and Shut off Valve, and yard services for the Arleigh Burke Class destroyer contracts.

The contracts are considered nominated "candidates" that will undergo a CMMC assessment. Contract winners "must achieve the required CMMC level at time of contract award, and flow down the appropriate CMMC requirement to subcontractors," the Defense Department said.

The announcement comes after the interim rule that lays the groundwork for CMMC took effect Dec. 1, requiring defense contractors to self-attest to which NIST SP 800-171 protocols they’re employing. Those companies with higher security work would also have to submit to a third-party audit.

More candidates may be announced in the coming weeks as DOD works with the Army and other defense agencies to find contracts that fit certain criteria, according to the statement.

About the Author

Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected