After numerous fits and starts, on October 14, the Department of Defense (DoD) published a final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program. Borne from documented deficiencies in the...more
11/12/2024
/ Certifications ,
Compliance ,
Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Cybersecurity Maturity Model Certification (CMMC) ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Final Rules ,
NIST ,
Proposed Regulation
On August 15, the Department of Defense (DoD) published a proposed rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the proposed Cybersecurity...more
On May 2, the Department of Defense (DOD) issued a class deviation to DFARS 252.204-7012 “to provide industry time for a more deliberate transition upon the forthcoming release of [National Institute of Standards and...more
5/9/2024
/ Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Data Protection ,
Data Security ,
Defense Contracts ,
Defense Sector ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
New Regulations ,
NIST ,
Reporting Requirements
On March 12, the Department of Defense (DOD) promulgated a final rule that expands the eligibility criteria for the Defense Industrial Base (DIB) Cybersecurity Program, a voluntary initiative aimed at bolstering the DIB’s...more
On November 17, the Department of Defense (DoD) issued a final rule, implementing Section 874 of the National Defense Authorization Act (NDAA), clarifying that certain DoD-unique statutes and Defense Federal Acquisition...more
On March 22, the Department of Defense (DOD) issued a proposed rule that would amend the Defense Federal Acquisition Regulations (DFARS) to require certain contractors to provide the Defense Contract Management Agency (DCMA)...more
For nearly two years, we have been reporting on this blog about the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program. CMMC is a training, certification, and third-party assessment...more
Last month, the U.S. Court of Appeals for the Federal Circuit’s (Federal Circuit) opinion in The Boeing Co. v. Secretary of the Air Force shed additional light on the technical data rights of contractors under defense...more
For over a year, we have been discussing the Department of Defense’s (DoD) eventual implementation of a Cybersecurity Maturity Model Certification (CMMC) program for Defense contractors, most recently during a webinar in...more
The Department of Defense (DoD) Inspector General recently issued a report summarizing the findings of an audit into the protection of Controlled Unclassified Information (CUI) on contractor networks. Based on an in-depth...more
8/7/2019
/ Controlled Unclassified Information (CUI) ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Defense (DOD) ,
DFARS ,
Federal Contractors ,
National Security ,
NIST ,
Risk Mitigation
In 2016, Congress instructed the Department of Defense (DoD) to review its procurement regulations by convening a panel of procurement professionals—from both the public and private sectors. This panel became known as the...more