Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Marti Arvin and Anthony Buenger on the CMMC Framework
The Office of Information and Regulatory Affairs (OIRA) recently cleared the final rule for the U. S. Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) program, putting the agency one step closer to...more
The U.S. Department of Defense (DOD) issued the proposed Defense Federal Acquisition Regulation Supplement (DFARS) rules that will implement the Cybersecurity Maturity Model Certification (CMMC) program. These rules, which...more
The Cybersecurity Maturity Model Certification (CMMC) Program has been a headache for many defense contractors since the idea was first introduced in 2019. The program seeks to protect unclassified information, including...more
On December 26, the Department of Defense issued its proposed rule for the Cybersecurity Maturity Model Certification (CMMC) 2.0 program, which covers federal contracts (including defense contracts) and, by extension,...more
The US Department of Defense (DoD) has issued a proposed rule to implement its long-awaited Cybersecurity Maturity Model Certification program (CMMC 2.0). This proposed rule — released on December 26, 2023, and published in...more
In this series of articles, we explore the different certification requirements of CMMC Level 1, 2 and 3, the impact on contractors and external service providers, and proposed next steps... On December 26, 2023, the US...more
Well, the wait is over. Just as 2023 came to a close, on December 26, 2023, the Department of Defense (“DoD”) published the much-anticipated Proposed Rule for the DoD’s Cybersecurity Maturity Model Certification (“CMMC”)...more
On December 26, the Department of Defense (DoD) published its long-awaited Cybersecurity Maturity Model Certification (CMMC) Program proposed rule, which places comprehensive cybersecurity and information security...more
The Department of Defense (DoD) delivered its proposed Cybersecurity Maturity Model Certification Program rule (CMMC) the day after Christmas this year, including several related guidance documents (listed here). The proposed...more
Two years after announcing the second iteration of the U.S. Department of Defense's (DoD) Cybersecurity Maturity Model Certification (CMMC) program, the DoD released its proposed rule that, if adopted, will implement the...more
In January, the OMB implemented the following new policies designed to strengthen the federal contracting system. On January 10, 2023, the OMB issued a memorandum on the subject of Strengthening Support for Federal...more
For nearly two years, we have been reporting on this blog about the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program. CMMC is a training, certification, and third-party assessment...more
America’s data is under attack. Solar Winds and other recent headline-grabbing stories have demonstrated that foreign adversaries are eager to hack into computer systems for a wide range of purposes. The US Department of...more
The Department of Defense (DoD) continues to enhance cybersecurity requirements in its supply chain. A new rule requires some contractors to assign a numerical score to their current cybersecurity practices. Additionally, the...more
On January 31, 2020, the Department of Defense (DoD) released the latest version (Version 1.0) of its Cybersecurity Maturity Model Certification (CMMC) framework, setting forth future cybersecurity requirements for thousands...more
January 2020 was a very important month for DOD’s Cybersecurity Maturity Model Certification (CMMC) initiative. Last week, on January 31, 2020, DOD issued CMMC “Version 1.0” to the public....more
- DoD has released the final version of the CMMC framework. - DoD anticipates that CMMC requirements will appear in a limited number of solicitations starting in October 2020 and that they will appear in all DoD...more
On January 30, the US Department of Defense (DoD) released version 1.0 of the Cybersecurity Maturity Model Certification (CMMC) framework, which will require DoD contractors and subcontractors to obtain third-party...more
A major shift in cybersecurity requirements for Department of Defense (DoD) contractors is about to come into effect—earlier this month the DoD released for public comment the long-anticipated Version 0.4 of the draft...more