Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
Podcast - The State of Contractor Cybersecurity with Katie Arrington
What Do the Newly Released CMMC 2.1 Documents Mean?
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
Compliance Into The Weeds - Retreat on DoD Cybersecurity for Contractors
Cybersecurity Maturity Model Certification (CMMC) is coming — and now appears to be coming faster than many defense contractors believed. In the latest signal of CMMC’s forward momentum, the Department of Defense (DoD) issued...more
The United States Department of Defense (DoD) took another big step on the path to instituting its highly anticipated Cybersecurity Maturity Model Certification 2.0 program (CMMC 2.0). Once finalized, CMMC 2.0 will establish...more
The Cybersecurity Maturity Model Certification (CMMC) Program has been a headache for many defense contractors since the idea was first introduced in 2019. The program seeks to protect unclassified information, including...more
For 40 years, the Chevron Doctrine has been a prominent precedent in administrative law allowing courts to defer to an agency’s interpretation of an ambiguous statute or regulation. The Chevron Doctrine has been overturned by...more
As we promised a trilogy in our earlier 2024 CMMC Blog – “Get Ahead of Compliance: The Proposed Rule for the Cybersecurity Maturity Model Certification (CMMC 2.0) Is Out!” – we continue our series with a discussion of each...more
With ever-increasing threats from the Chinese Communist Party, recently exposed vulnerabilities in the United States' supply chain and decades of outsourcing that has left the defense and industrial base vulnerable, there is...more
On December 26, 2023, the Department of Defense (“DoD”) belatedly gifted defense contractors and subcontractors a Proposed Rule on the Cybersecurity Maturity Model Certification (“CMMC”) Program. DoD also released eight CMMC...more
The US Department of Defense (DoD) has issued a proposed rule to implement its long-awaited Cybersecurity Maturity Model Certification program (CMMC 2.0). This proposed rule — released on December 26, 2023, and published in...more
The Department of Defense (DoD) delivered its proposed Cybersecurity Maturity Model Certification Program rule (CMMC) the day after Christmas this year, including several related guidance documents (listed here). The proposed...more
The Federal Acquisition Regulatory Council (FAR Council) announced it was preparing a proposed rule to standardize cybersecurity requirements for unclassified Federal Information Systems across federal agencies in accordance...more
On October 26, 2022, John M. Tenaglia, Principal Director, Defense Pricing and Contracting, issued Class Deviation 2023-O0001 to direct contracting officers to use alternate procedures to verify small business joint venture...more
For nearly two years, we have been reporting on this blog about the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program. CMMC is a training, certification, and third-party assessment...more
With the announcement of a revamped Cybersecurity Maturity Model Certification (known as CMMC 2.0),1 for the third time in five years, the U.S. Department of Defense (DOD) announced new, comprehensive cybersecurity standards...more
Welcome to Jenner & Block’s Government Contracts Legal Round‑Up, a biweekly update on important government contracts developments. This update offers brief summaries of key developments for government contracts legal,...more
We recently wrote about the Department of Defense (DoD) amendment to the Defense Federal Acquisition Regulation Supplement (DFARS) to increase the threshold for requiring defense contracting agencies to issue sole-source...more
Weasel words: “Words or statements that are intentionally ambiguous or misleading.” Concise Oxford English Dictionary 1635 (11th ed. rev. 2008). The Armed Services Board of Contract Appeals (ASBCA) recently dismissed in...more
On January 31, 2020, the Department of Defense (DoD) released the latest version (Version 1.0) of its Cybersecurity Maturity Model Certification (CMMC) framework, setting forth future cybersecurity requirements for thousands...more
- DoD has released the final version of the CMMC framework. - DoD anticipates that CMMC requirements will appear in a limited number of solicitations starting in October 2020 and that they will appear in all DoD...more
On January 30, the US Department of Defense (DoD) released version 1.0 of the Cybersecurity Maturity Model Certification (CMMC) framework, which will require DoD contractors and subcontractors to obtain third-party...more
Federal Circuit Affirms Decision of the Armed Services Board of Contract Appeals Finding the Government Suffered No Harm Resulting from Contractor's Technical Noncompliance with Cost Accounting Rules: Defense v. Northrop...more
The U.S. Department of Defense (DOD) is forging ahead in its plan to adopt a new framework for cybersecurity, with significant ramifications for all defense contractors, including subcontractors. On November 8, 2019, DOD...more
On Oct. 18, 2019, the Court of Appeals for the Federal Circuit issued its decision in Raytheon Co. v. Sec. of Def., holding that salary costs associated with lobbying activities are expressly unallowable, and therefore...more
This is the sixth blog post in a series analyzing the 2019 National Defense Authorization Act (NDAA) as signed into law on Aug. 13, 2018. Stay tuned for more blog posts covering additional topics in the near future from...more
DEFENSE DEPARTMENT - Class Deviation-Commercial Items Omnibus Clause for Acquisitions Using the Standard Procurement System - According to an article on acq.osd.mil, this class deviation rescinds and supersedes Class...more