Meital Stavinsky

Cybersecurity Certification: What Israeli Defense Companies Need to Know

In its fiscal year 2025 budget request, the U.S. Department of Defense (DoD) requested $14.5 billion for network security, cyber operations and digital research and development. The request, which reflects a notable increase from its 2024 budget, was part of a larger $27.5 billion ask by the Biden Administration for increased federal cyber funds, including for civilian-related agencies. While the Biden Administration’s budget represents a wish list that requires congressional approval to be enacted, it offers an indication of the administration’s priorities. According to a report by the U.S. Government Accountability Office, the DoD experienced over 12,000 cyber incidents from 2015 to 2022.

The DoD has been engaged in various efforts to improve its cybersecurity posture throughout the years. The most recent effort is focused on a new certification requirement designed to protect the U.S. supply chain. The DoD’s forthcoming Cybersecurity Maturity Model Certification (CMMC) will, in some instances, require a third-party cybersecurity certification of compliance with current obligations, including information systems requirements, reporting requirements following a breach, and supply chain requirements. Beyond CMMC for DoD contracts, other U.S. federal agencies also have launched, or will soon launch, new cybersecurity initiatives.

While the CMMC is focused on products and services, the U.S. has already instituted the Federal Risk and Authorization Management Program (FedRAMP) for cloud service providers where U.S. government information is involved. Israeli companies in the U.S. supply chain are required to comply with the CMMC and other applicable programs, even if they are far down the supply chain and do not have direct contact with the U.S. federal government.

The CMMC, which is expected to enter into initial effect on December 1, 2024, has broad applicability and will include a tiered three-level assessment. The certification, which applies to contractors and subcontractors, combines the best practices of multiple cybersecurity models. Level 1 is generally geared toward handling less sensitive information and federal contract information. Levels 2 and 3 are geared toward handling more sensitive information and controlled unclassified information.

The CMMC final rule is expected by the end of 2024 or early 2025. However, DoD’s government contractors are already being held liable for failure to abide by cybersecurity standards, exposing them to the risk of False Claims Act violations. Israeli defense technology companies are encouraged to take a proactive approach to CMMC compliance, including assessing the type of information they are handling, limiting assets in scope of work, setting boundaries between related companies, and establishing policies and training to validate compliance.

About the Author
Meital Stavinsky is a Miami and Washington D.C. attorney, member of Holland & Knight's Public Policy & Regulation Group and Co-Chair of the firm's Israel Practice. Meital focuses her practice on business, public policy and regulation, with a particular emphasis on Israeli emerging and advanced technologies companies. Meital assists Israeli companies seeking to enter the U.S. market and expand their operations in the United States. In her work with innovative companies, Meital advises advanced technologies companies that provide a beneficial social or environmental impact in the areas of innovative AgriFoodTech, advanced manufacturing and clean technology. In addition, Meital has worked on a wide range of U.S. congressional and federal legislative matters. She has experience with various federal agencies such as the U.S. Department of Agriculture, U.S. Department of Transportation, U.S. Department of Energy and U.S. Environmental Protection Agency. Meital provides strategic and policy advice to technology clients. She has helped her clients impact agriculture-related legislation, including in connection with, among others, the Farm Bill and the U.S. Department of Defense Appropriations Act.