Expert Advice

Cybersecurity Requirement for the Department of Defense

The Department of Defense has announced that the businesses doing business with DOD must be cybersecurity certified by December 31, 2020 to protect the Defense Industrial Base. This requirement is a significant change to the previous requirement that had been in place since December 2017 to have a cybersecurity plan and milestones identified to be in compliance with your plan.

The certification requirement will flow down to subcontractors and will affect those small businesses that participate in DOD business through prime contractors.

The certification will be performed by third party certifiers.  A list of certifiers will be forthcoming.  The certification must be obtained by December 31, 2020.

If you do business with DOD or intend to do business with DOD – start now and develop your Cyber Security Plan with auditable actions and milestones. If you have any questions please contact the NORCAL PTAC for further information.


Learn more

Join our upcoming  Cybersecurity Webinar. If you are reading this article after October 2, find a recording of the webinar on our Past Webinars page.


Written by Lenny Bean, Norcal PTAC Procurement Specialist.