Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
[Podcast] Cybersecurity Maturity Model Certification (CMMC) 2.0 – What Federal Contractors Need To Know
Marti Arvin and Anthony Buenger on the CMMC Framework
As we welcome 2026, it is a good time for government contractors to reflect on their cybersecurity posture and the major shifts in federal data protection policy from 2025. Last year was more than just a year of evolution in...more
Defense contractors subject to Cybersecurity Maturity Model Certification (CMMC) compliance under government contracts will be subject to False Claims Act (FCA) liability risks going forward. The CMMC program went live on...more
As 2025 drew to a close, the United States Department of Justice (DOJ) announced significant developments in cases relating to the allegedly deficient cybersecurity practices of two Department of Defense (DoD) contractors. ...more
2025 has been an exceptionally active year for U.S. government contractors and grant recipients. The combination of executive orders, regulatory changes and legislative updates that have reshaped procurement, industrial...more
On Nov. 10, 2025, the long-awaited final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to implement the Cybersecurity Maturity Model Certification (CMMC) program became effective. This rule,...more
On November 10, 2025, the Department of Defense (DoD), also referred to as the Department of War (DoW), officially began rolling out its Cybersecurity Maturity Model Certification (CMMC) Final Rule, marking the start of the...more
This alert serves to remind contractors of the much-ballyhooed Cybersecurity Maturity Model Certification (CMMC) and updates our previous articles on the Department of Defense’s (DoD) proposed CMMC Program rule and DoD’s...more
Our Privacy, Cyber & Data Strategy Team breaks down the Department of Defense’s finalized Cybersecurity Maturity Model Certification (CMMC) rule, which establishes a tiered compliance framework that will soon be mandatory for...more
After half a decade of development and review, the U.S. Department of Defense (DoD) will implement contracting regulations, effective November 10, 2025, making the Cybersecurity Maturity Model Certification (CMMC) Program a...more
Colleges and universities are increasingly engaged in complex relationships with the federal government — through contracts, cooperative agreements, and research grants that fund everything from infrastructure and...more
The U.S. Department of Justice (“DOJ”) has kept busy in pursuing cybersecurity-related fraud in government contracts resulting in seven settlements. These settlements illustrate the continuing need for contractors to...more
The U.S. Department of Defense released the final rule implementing the Cybersecurity Maturity Model Certification on Sept. 9. Through the program, the DOD seeks to enhance protections for sensitive information. Originally...more
Notwithstanding Executive Orders to reduce federal rules affecting industry in effect today, the Department of Defense (DOD) recently enacted new regulations by finalizing the Cybersecurity Maturity Model Certification (CMMC)...more
On September 10, the U.S. Department of Defense (DOD) posted its final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program for defense acquisitions. This new rule (acquisition rule) updates the...more
On September 9, 2025, the Department of Defense issued a long-awaited final rule regarding the Cybersecurity Maturity Model Certification (CMMC). This final rule which has been published in the Federal Register and amended...more
The wait is finally over, and U.S. Department of Defense (DoD) contractors need to be prepared. On September 10, 2025, DoD posted a final rule that will officially make Cybersecurity Maturity Model Certification (CMMC) a...more
On September 10, 2025, the Department of Defense (DoD) issued a Final Rule officially incorporating the Cybersecurity Maturity Model Certification (CMMC) Program into the Defense Federal Acquisition Regulation Supplement...more
On September 10, 2025, the U.S. Department of Defense (DoD) published a final rule that will shake up cybersecurity compliance for DoD contractors. The new rule formally incorporates the Cybersecurity Maturity Model...more
The U.S. Department of Defense (DOD) issued a final rule this month that fundamentally changes eligibility for DOD procurement by tying contract awards directly to cybersecurity readiness....more
WHAT: The U.S. Department of Defense (DOD) this month published the second of two final rules needed to begin phasing in the long-awaited Cybersecurity Maturity Model Certification (CMMC) Program. This final rule amends the...more
In August 2024, The Department of Defense (DoD) released a proposed amendment to the Defense Acquisition Regulations Supplement (DFARS) – which provides acquisition policies and procedures for the DoD – that would require a...more
The Cybersecurity Maturity Model Certification (CMMC) has been a long-anticipated framework designed to bolster cybersecurity across the defense industrial base. After extensive development and revisions, the Department of...more
The Department of Defense (DoD) recently finalized a new rule, to be codified at Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7021 (contract clause) and 252.204-7025 (solicitation provision), which will...more
The wait is over. Five years after the Department of Defense (DoD) first introduced the Cybersecurity Maturing Model Certification (CMMC) program, the companion Final Rule was published in the Federal Register on Sept. 10....more
The Department of Defense (DoD) has issued its highly anticipated final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements for the Cybersecurity Maturity Model...more