Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Marti Arvin and Anthony Buenger on the CMMC Framework
The U.S. Department of Justice (DOJ) filed its first major complaint-in-intervention under the False Claims Act (FCA) premised on a government contractor’s alleged cybersecurity deficiencies since the DOJ’s Civil Cyber-Fraud...more
Cybersecurity Maturity Model Certification (CMMC) is coming — and now appears to be coming faster than many defense contractors believed. In the latest signal of CMMC’s forward momentum, the Department of Defense (DoD) issued...more
Sequels are rarely better than the films that precede them, and yet, sometimes a story is just too compelling to be limited to just one film. At the tail end of a summer full of Hollywood sequels, the Department of Defense...more
As the presidential race rages on, so too does the race to fully implement the Cybersecurity Maturity Model Certification (CMMC) 2.0 program. The CMMC 2.0 program impacts Defense Industrial Base (DIB) contractors and...more
Late last week, the U.S. Department of Justice (DOJ) filed its complaint-in-intervention in a qui tam lawsuit against the Georgia Institute of Technology (Georgia Tech), alleging that the university failed to meet certain...more
On August 15, 2024, the Department of Defense (DOD) announced the much-anticipated Proposed Rule that would amend the Defense Federal Acquisition Regulation Supplement (DFARS) to include Cybersecurity Maturity Model...more
The U.S. Department of Defense (DOD) issued the proposed Defense Federal Acquisition Regulation Supplement (DFARS) rules that will implement the Cybersecurity Maturity Model Certification (CMMC) program. These rules, which...more
The DoD takes yet another step towards full implementation of CMMC 2.0. The proposed rule aims to implement many of the aspects of the Cybersecurity Maturity Model Certification program by amending the Department of...more
WHAT: The U.S. Department of Defense (DOD) just published the second of two proposed rules setting forth key requirements for its long-anticipated Cybersecurity Maturity Model Certification (CMMC) 2.0 program. The earlier...more
On August 15, the Department of Defense (DoD) published a proposed rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the proposed Cybersecurity...more
The Cybersecurity Maturity Model Certification (CMMC) Program has been a headache for many defense contractors since the idea was first introduced in 2019. The program seeks to protect unclassified information, including...more
The U.S. and the U.K. are focused on common national security risks, including preventing foreign access to key emerging technologies, the integrity of the defense supply chain, protection of critical infrastructure, and...more
Defense contractors and subcontractors that handle Controlled Unclassified Information (CUI) and do not have robust information-security system controls in place better get their house in order now if they want to do business...more
In May 2024, the National Institute of Standards and Technology (NIST) published Special Publication 800-171 Rev 3, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, and the accompanying...more
In May, the National Institute of Standards and Technology (NIST) issued updated recommendations for security controls for controlled unclassified information (CUI) that is processed, stored or transmitted by nonfederal...more
As we promised a trilogy in our earlier 2024 CMMC Blog – “Get Ahead of Compliance: The Proposed Rule for the Cybersecurity Maturity Model Certification (CMMC 2.0) Is Out!” – we continue our series with a discussion of each...more
On May 14, 2024, the National Institute of Standards and Technology (NIST) dropped the third remix…er, revision…of its Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems...more
On May 14, the National Institute of Standards and Technology (NIST) released “Revision 3” to Special Publication 800-171 (Protecting Controlled Unclassified Information on Nonfederal Systems and Organizations) and 800-171A...more
The National Institute of Standards and Technology (NIST) released the third revision of its Special Publication (SP) 800-171, "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations." This...more
On May 2, the Department of Defense (DOD) issued a class deviation to DFARS 252.204-7012 “to provide industry time for a more deliberate transition upon the forthcoming release of [National Institute of Standards and...more
On February 19, 2024, the Department of Justice (“DOJ”) notified the U.S. District Court for the Northern District of Georgia that it would intervene in a False Claims Act (“FCA”) case filed against Georgia Tech Research...more
The U.S. government recently intervened in a False Claims Act qui tam case against Georgia Tech Research Corporation, Georgia Institute of Technology, and Georgia Tech Research Institute for violations of NIST 800-171 for...more
The United States notified the U.S. District Court for the Northern District of Georgia that it plans to intervene in a False Claims Act case filed against Georgia Tech Research Corporation (Georgia Tech) by its Associate...more
In this episode, Wiley partners Gary Ward, Tracye Howard, and Craig Smith examine the ongoing developments related to implementation of the Cybersecurity Maturity Model Certification (CMMC) program. They discuss the current...more
Over the holidays, the U.S. Department of Defense (DoD) issued proposed rules for updating its Cybersecurity Maturity Model Certification (CMMC) program from its existing Defense Acquisition Regulatory Supplement (DFARS)...more