Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Marti Arvin and Anthony Buenger on the CMMC Framework
On October 15, 2024, the Department of Defense (DoD) published the final rule for the Cybersecurity Maturity Model Certification (CMMC) Program that not only finalizes the long-anticipated CMMC Rule but also foreshadows what...more
After numerous fits and starts, on October 14, the Department of Defense (DoD) published a final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program. Borne from documented deficiencies in the...more
The U.S. Department of Defense (DOD) has published a Final Rule to implement the Cybersecurity Maturity Model Certification (CMMC) program, which establishes minimum cybersecurity requirements for nearly all DOD contracts....more
The U.S. Department of Defense (DOD) has long questioned whether contractors and their supply chains have been fully compliant with existing cybersecurity requirements aimed at protecting Controlled Unclassified Information...more
On August 22, 2024, the United States intervened in a whistleblower suit against the Georgia Institute of Technology, initially filed by current and former members of Georgia Tech’s cybersecurity team, alleging that Georgia...more
The U.S. Department of Justice (DOJ) filed its first major complaint-in-intervention under the False Claims Act (FCA) premised on a government contractor’s alleged cybersecurity deficiencies since the DOJ’s Civil Cyber-Fraud...more
Late last week, the U.S. Department of Justice (DOJ) filed its complaint-in-intervention in a qui tam lawsuit against the Georgia Institute of Technology (Georgia Tech), alleging that the university failed to meet certain...more
The U.S. Department of Defense (DOD) issued the proposed Defense Federal Acquisition Regulation Supplement (DFARS) rules that will implement the Cybersecurity Maturity Model Certification (CMMC) program. These rules, which...more
The United States notified the U.S. District Court for the Northern District of Georgia that it plans to intervene in a False Claims Act case filed against Georgia Tech Research Corporation (Georgia Tech) by its Associate...more
Over the holidays, the U.S. Department of Defense (DoD) issued proposed rules for updating its Cybersecurity Maturity Model Certification (CMMC) program from its existing Defense Acquisition Regulatory Supplement (DFARS)...more
Two years after announcing the second iteration of the U.S. Department of Defense's (DoD) Cybersecurity Maturity Model Certification (CMMC) program, the DoD released its proposed rule that, if adopted, will implement the...more
The Inspector General (IG) for the U.S. Department of Defense (DOD) issued a report critical of recent efforts by contractors to protect Controlled Unclassified Information (CUI). The report, which followed the DOD IG's...more
A recent DoD memorandum should serve as a warning to contractors that they need to focus on cybersecurity compliance now or risk serious consequences. A recent DoD memorandum should serve as a warning to contractors that...more
Aerojet Rocketdyne received another blow last week in its long running battle to end a 2015 False Claims Act suit alleging it lied about its compliance with cybersecurity requirements in order to win several federal...more
People like to say that cybersecurity threats are constantly evolving. So perhaps it’s fitting that cybersecurity compliance is undergoing a significant evolution of its own this year, too. That evolution is the arrival of...more
The U.S. Department of Defense (DoD) has issued a long-awaited interim rule to safeguard unclassified information in the possession of defense contractors by making periodic assessments of a company’s cybersecurity compliance...more
The Office of Management and Budget (OMB) released a draft guidance document on Aug. 11, 2015, titled “Improving Cybersecurity Protection in Federal Acquisitions” (the “OMB Guidance”). The OMB Guidance instructs agencies on...more
Federal government contractors handling Controlled Unclassified Information (CUI) should take notice of two recent executive agency actions. Combined, they lay the groundwork for a new cybersecurity clause to be added to the...more