Deltek Invests in Cybersecurity and Compliance to Help Government Contractors Power Project Success

Posted by Deltek on March 21, 2022

The last several years have seen notable increases in cyber incidents impacting companies, our government, and everyday life. Nation-state cyberattacks are rising and bad actors are getting better at stealing sensitive data and IP. The Log4j vulnerability, for example, is the most recent threat to draw international attention.

In early December 2021, nearly every major software company was scrambling to determine what software was impacted and patch the newly discovered hole. Computer programmers and security experts alike described the situation as a “nightmare.” And while many patches have been sent out since the initial discovery, it’s unclear if every Log4j vulnerability will be fixed, simply because not every organization has the cybersecurity resources to do so.

In response to growing threats like Log4j, nation-state cyberattacks, and the continued loss of sensitive information, the Federal Government needed compliance regulations for its supply chain: Government Contractors. The Cybersecurity Maturity Model Certification (CMMC) is the most recent program designed to address the vulnerability of federal contract information (FCI) and controlled unclassified information (CUI) within the DoD supply chain. In addition to CMMC, the other major compliance standards to be familiar with are:

  • DFARS 252.204-7012 - Defense Federal Acquisition Regulations (DFARS) require contractors to provide adequate security for Covered Defense Information (CDI).
  • NIST 800-171 - The National Institute of Standards and Technology is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems.
  • FedRAMP - Federal Risk and Authorization Management Program delivers a standardized approach for the assessment of cloud products and services used by federal agencies.
  • ITAR - International Traffic and Arms Regulations restrict and control the export of defense and military-related technologies to safeguard U.S. national security and further U.S. foreign policy objectives.

Investment in Global Information Security

However, meeting these regulations and compliance standards comes at a cost. Keeping up with evolving compliance requirements and security threats takes time and resources that may not be available to all organizations. That’s why Deltek has invested significantly in its information security initiatives over the last several years. Leveraging deep government contracting industry expertise, Deltek has built a first-rate security program to help its customers successfully meet and stay ahead of compliance requirements.

Deltek’s Chief Information Security Officer (CISO), Caleb Merriman, oversees Global Information Security (GIS), a team of security experts that covers over 100 security service areas including Governance, Risk and Compliance, Security Engineering, and Security Operations.


“We must help our customers to be compliant with various laws, regulations, and industry standards. Today, our security program has incorporated requirements from more than 20 external authoritative sources.”

– Caleb Merriman, CISO Deltek


Deltek’s team of experts continuously monitors the changing regulations so that its customers can focus on running their business and successfully delivering on government contracts.

Consequences of Non-Compliance

There are a number of compelling reasons why it’s critical for government contractors to meet the requirements set forth by the respective government agencies, including but not limited to:

  • Avoiding fines or penalties for non-compliance;
  • Avoiding loss of eligibility for new contracts due to non-compliance;
  • Keeping the business and its customers safe from vulnerabilities;
  • Improving diversification and gaining a competitive advantage.

Being prepared helps government contractors keep up with market demand and can give them a competitive edge when bidding on new contracts.

Security in the Cloud

Deltek is dedicated to providing cloud options that align with government contractors’ varied and evolving needs. Today, there are two Deltek Costpoint Cloud solutions purposely designed to support Government Contractors' unique cybersecurity compliance requirements. Deltek Costpoint GovCon Cloud (GCC) solutions have:

  • Fully implemented NIST 800-171 controls to support baseline security requirements for Government Contractors
  • Implemented FedRAMP Moderate controls with the Costpoint GovCon Cloud Moderate environment to support DFARS 252.204-7012
  • Incorporated policies and controls in the Costpoint GCC Moderate offering to protect export controlled ITAR information
  • Incorporated CMMC 2.0 framework into our Cloud compliance and security posture
  • Designed Costpoint GovCon Cloud offerings to support Maturity Level 2 requirements

Additionally, Deltek has a project underway to achieve Cybersecurity Maturity Model Certification (CMMC) level 2 for its GCCM offering.

As compliance requirements and the threat landscape continue to evolve, Deltek, as a trusted partner, is committed to protecting your data by ensuring our capabilities meet the constantly changing security landscape. We are continuously adjusting our suite of products and services to support your cyber posture by increasing investment in security, compliance, and supporting technologies for our customers – easing and scaling the management of systems for your teams.

Take an in-depth look at Deltek’s investment in cybersecurity and compliance and hear from one of our customers on how the GovCon Cloud Moderate solution powers their project success. View the Webinar.