Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
[Podcast] Cybersecurity Maturity Model Certification (CMMC) 2.0 – What Federal Contractors Need To Know
Marti Arvin and Anthony Buenger on the CMMC Framework
As we welcome 2026, it is a good time for government contractors to reflect on their cybersecurity posture and the major shifts in federal data protection policy from 2025. Last year was more than just a year of evolution in...more
Last month the General Services Administration’s (“GSA”) Office of the Chief Information Security Officer (“OCISO”) issued CIO-IT Security-21-112 Rev. 1, a procedural guide governing how Controlled Unclassified Information...more
Defense contractors subject to Cybersecurity Maturity Model Certification (CMMC) compliance under government contracts will be subject to False Claims Act (FCA) liability risks going forward. The CMMC program went live on...more
As 2025 drew to a close, the United States Department of Justice (DOJ) announced significant developments in cases relating to the allegedly deficient cybersecurity practices of two Department of Defense (DoD) contractors. ...more
If you are a trade and legal compliance decision-maker, where can you go to learn, expand your export controls brain trust, and strengthen your strategy? At ACI’s Advanced Forum on Global Export Controls, you’ll connect...more
November 2025 has been a busy month for cybersecurity rules affecting government contractors. The long-awaited Cybersecurity Maturity Model Certification (CMMC) Program went into effect on November 10. We are now seeing the...more
On Nov. 10, 2025, the long-awaited final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to implement the Cybersecurity Maturity Model Certification (CMMC) program became effective. This rule,...more
On November 10, 2025, the Department of Defense (DoD), also referred to as the Department of War (DoW), officially began rolling out its Cybersecurity Maturity Model Certification (CMMC) Final Rule, marking the start of the...more
After half a decade of development and review, the U.S. Department of Defense (DoD) will implement contracting regulations, effective November 10, 2025, making the Cybersecurity Maturity Model Certification (CMMC) Program a...more
Colleges and universities are increasingly engaged in complex relationships with the federal government — through contracts, cooperative agreements, and research grants that fund everything from infrastructure and...more
The U.S. Department of Justice (“DOJ”) has kept busy in pursuing cybersecurity-related fraud in government contracts resulting in seven settlements. These settlements illustrate the continuing need for contractors to...more
The Department of Defense (DoD) has finalized its game-changing Cybersecurity Maturity Model Certification (CMMC) rules, ushering in a new era of accountability for the Defense Industrial Base. The timeline is now very short:...more
The U.S. Department of Defense released the final rule implementing the Cybersecurity Maturity Model Certification on Sept. 9. Through the program, the DOD seeks to enhance protections for sensitive information. Originally...more
Notwithstanding Executive Orders to reduce federal rules affecting industry in effect today, the Department of Defense (DOD) recently enacted new regulations by finalizing the Cybersecurity Maturity Model Certification (CMMC)...more
Since 2004, October has marked Cybersecurity Awareness Month and for more than 15 years Wiley’s team of cybersecurity, tech, and government contracts experts has been helping organizations manage cyber risk. On October 21, as...more
On September 10, the U.S. Department of Defense (DOD) posted its final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program for defense acquisitions. This new rule (acquisition rule) updates the...more
The Federal Acquisition Regulatory Council (FAR Council) released its Spring 2025 regulatory agenda as part of the government-wide Unified Agenda of Regulatory and Deregulatory Actions, unveiling a slimmed-down list of...more
On September 9, 2025, the Department of Defense issued a long-awaited final rule regarding the Cybersecurity Maturity Model Certification (CMMC). This final rule which has been published in the Federal Register and amended...more
The wait is finally over, and U.S. Department of Defense (DoD) contractors need to be prepared. On September 10, 2025, DoD posted a final rule that will officially make Cybersecurity Maturity Model Certification (CMMC) a...more
On September 10, 2025, the Department of Defense (DoD) issued a Final Rule officially incorporating the Cybersecurity Maturity Model Certification (CMMC) Program into the Defense Federal Acquisition Regulation Supplement...more
On September 10, 2025, the U.S. Department of Defense (DoD) published a final rule that will shake up cybersecurity compliance for DoD contractors. The new rule formally incorporates the Cybersecurity Maturity Model...more
The U.S. Department of Defense (DOD) issued a final rule this month that fundamentally changes eligibility for DOD procurement by tying contract awards directly to cybersecurity readiness....more
WHAT: The U.S. Department of Defense (DOD) this month published the second of two final rules needed to begin phasing in the long-awaited Cybersecurity Maturity Model Certification (CMMC) Program. This final rule amends the...more
In August 2024, The Department of Defense (DoD) released a proposed amendment to the Defense Acquisition Regulations Supplement (DFARS) – which provides acquisition policies and procedures for the DoD – that would require a...more
The Cybersecurity Maturity Model Certification (CMMC) has been a long-anticipated framework designed to bolster cybersecurity across the defense industrial base. After extensive development and revisions, the Department of...more