Taft attorney Alex Gorelik was quoted in a Federal News Network article about the Cybersecurity Maturity Model Certification (CMMC) program for federal contractors. In the commentary piece titled “Do not misunderstand the CMMC,” Gorelik notes that “all of the lawsuits, to date, confirm that even failure to comply with standards of cybersecurity in the FAR, DFARS, and the contract alone, rather than the CMMC, can lead to significant penalties.”

The article, authored by Shaun Rieth, a senior cybersecurity analyst at METI, Inc., emphasizes that federal contractors must understand that CMMC requirements are a verification framework for existing FAR and DFARS regulations, not new requirements in themselves.

Gorelik added that “even settlements in such cases are often quite costly for contractors that find themselves having to address lawsuits and investigations of their cybersecurity compliance.”

Read more here.

Gorelik is a member of Taft’s Government Contracts and Data Privacy & Security practices. He advises clients on cybersecurity compliance matters and represents contractors in government investigations related to data protection requirements.