Deltek Invests in Cybersecurity and Compliance to Help Government Contractors Power Project Success

October 30, 2023
How Deltek Invests in Cybersecurity and Compliance

The last several years have seen notable increases in cyber incidents impacting companies, our government, and everyday life. Nation-state cyberattacks are rising, and bad actors are getting better at stealing sensitive data and IP. Almost every industry or sector, from banks and hospitals to schools and government, has experienced a cyberattack. Cybercrime is predicted to cost the world $10.5 trillion annually by 2025.

In response to growing threats, nation-state cyberattacks, and the continued loss of sensitive information, the Federal Government needed better enforcement of cybersecurity compliance regulations for its supply chain: Government Contractors. The Cybersecurity Maturity Model Certification (CMMC) is a recent program designed to address the vulnerability of federal contract information (FCI) and controlled unclassified information (CUI) within the DoD supply chain. In addition to CMMC, the other major compliance standards to be familiar with are:

  • DFARS 252.204-7012 - Defense Federal Acquisition Regulations (DFARS) require contractors to provide adequate security for Covered Defense Information (CDI).
  • NIST SP 800-171 - The National Institute of Standards and Technology is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems.
  • FedRAMP - Federal Risk and Authorization Management Program delivers a standardized approach for assessing cloud products and services used by federal agencies.
  • ITAR - International Traffic and Arms Regulations restrict and control the export of defense and military-related technologies to safeguard U.S. national security and further U.S. foreign policy objectives.

Investment in Global Information Security

However, meeting these regulations and compliance standards comes at a cost. Keeping up with evolving compliance requirements and security threats takes time and resources that may not be available to all organizations. That’s why Deltek has invested significantly in its information security initiatives over the last several years. Leveraging deep government contracting industry expertise, Deltek has built a first-rate security program to help support its customers in meeting their compliance requirements.

Deltek’s Chief Information Security Officer (CISO), Caleb Merriman, oversees Global Information Security (GIS), a team of security experts that covers over 100 security service areas including Governance, Risk and Compliance, Security Engineering, and Security Operations.


“We must help our customers to be compliant with various laws, regulations, and industry standards. Today, our security program has incorporated requirements from more than 20 external authoritative sources.”

– Caleb Merriman, CISO Deltek


Deltek’s team of experts continuously monitors the changing regulations so that its customers can focus on running their businesses and successfully delivering on government contracts.

Consequences of Non-Compliance

There are several compelling reasons why it’s critical for government contractors to meet the requirements set forth by the respective government agencies, including but not limited to:

  • Avoiding fines or penalties for non-compliance
  • Avoiding loss of eligibility for new contracts due to non-compliance
  • Keeping the business and its customers safe from vulnerabilities
  • Improving diversification and gaining a competitive advantage

Being prepared helps government contractors keep up with market demand and can give them a competitive edge when bidding on new contracts.

Security in the Cloud

Deltek is dedicated to providing cloud options that align with government contractors’ varied and evolving needs. Today, there are two Deltek Costpoint Cloud solutions designed to support Government Contractors' unique cybersecurity compliance requirements. Both Deltek Costpoint GovCon Cloud (GCC) solutions have:

  • Implemented NIST SP 800-171 controls to support baseline security requirements for Government Contractors
  • Incorporated CMMC 2.0 framework into our Cloud compliance and security posture
  • Designed Costpoint GovCon Cloud offerings to support Maturity Level 2 requirements

The Costpoint GovCon Cloud Moderate (GCCM) service also has:

  • Implemented FedRAMP Moderate controls and a cyber incident reporting program to support DFARS 252.204-7012 requirements
  • Incorporated policies and controls to protect export-controlled ITAR information

Additionally, Deltek will seek to achieve Cybersecurity Maturity Model Certification (CMMC) level 2 for its GCCM offering once the program is finalized.

As compliance requirements and the threat landscape continue to evolve, Deltek, as a trusted partner, is committed to protecting your data by ensuring our capabilities meet the constantly changing security landscape. We are continuously adjusting our suite of products and services to support your cyber posture by increasing investment in security, compliance, and supporting technologies for our customers – easing and scaling the systems management for your teams.

For more on this topic, watch the Cyber Resilience and Value of the Cloud webinar.