Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
[Podcast] Cybersecurity Maturity Model Certification (CMMC) 2.0 – What Federal Contractors Need To Know
Marti Arvin and Anthony Buenger on the CMMC Framework
As we welcome 2026, it is a good time for government contractors to reflect on their cybersecurity posture and the major shifts in federal data protection policy from 2025. Last year was more than just a year of evolution in...more
Defense contractors subject to Cybersecurity Maturity Model Certification (CMMC) compliance under government contracts will be subject to False Claims Act (FCA) liability risks going forward. The CMMC program went live on...more
As 2025 drew to a close, the United States Department of Justice (DOJ) announced significant developments in cases relating to the allegedly deficient cybersecurity practices of two Department of Defense (DoD) contractors. ...more
2025 has been an exceptionally active year for U.S. government contractors and grant recipients. The combination of executive orders, regulatory changes and legislative updates that have reshaped procurement, industrial...more
On November 10, 2025, the Department of Defense (DoD), also referred to as the Department of War (DoW), officially began rolling out its Cybersecurity Maturity Model Certification (CMMC) Final Rule, marking the start of the...more
Our Privacy, Cyber & Data Strategy Team breaks down the Department of Defense’s finalized Cybersecurity Maturity Model Certification (CMMC) rule, which establishes a tiered compliance framework that will soon be mandatory for...more
Colleges and universities are increasingly engaged in complex relationships with the federal government — through contracts, cooperative agreements, and research grants that fund everything from infrastructure and...more
The U.S. Department of Justice (“DOJ”) has kept busy in pursuing cybersecurity-related fraud in government contracts resulting in seven settlements. These settlements illustrate the continuing need for contractors to...more
The Department of Defense (DoD) has finalized its game-changing Cybersecurity Maturity Model Certification (CMMC) rules, ushering in a new era of accountability for the Defense Industrial Base. The timeline is now very short:...more
The U.S. Department of Defense released the final rule implementing the Cybersecurity Maturity Model Certification on Sept. 9. Through the program, the DOD seeks to enhance protections for sensitive information. Originally...more
Notwithstanding Executive Orders to reduce federal rules affecting industry in effect today, the Department of Defense (DOD) recently enacted new regulations by finalizing the Cybersecurity Maturity Model Certification (CMMC)...more
On September 9, 2025, the Department of Defense issued a long-awaited final rule regarding the Cybersecurity Maturity Model Certification (CMMC). This final rule which has been published in the Federal Register and amended...more
The Cybersecurity Maturity Model Certification (CMMC) has been a long-anticipated framework designed to bolster cybersecurity across the defense industrial base. After extensive development and revisions, the Department of...more
The wait is over. Five years after the Department of Defense (DoD) first introduced the Cybersecurity Maturing Model Certification (CMMC) program, the companion Final Rule was published in the Federal Register on Sept. 10....more
The Pentagon has published the new rule to the Federal Register titled “Assessing Contractors’ Implementation of Cybersecurity Requirements.” ...more
On September 9, 2025, the Department of Defense (DOD) released its long-anticipated final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program. As discussed previously, this rule marks a significant...more
The inexorable expansion of the False Claims Act (“FCA”) to cover virtually all types of cybersecurity breaches and violations – to include allegedly poor practices and failure to fully adhere to security controls –...more
This past month, the Department of Defense sent the final rule for the new Cybersecurity Maturity Model Certification (CMMC) program under the Federal Acquisition Regulation to the Office of Information and Regulatory Affairs...more
In our August 1 post, we discussed how companies that acquire government contractors can inherit the False Claims Act (“FCA”) exposure based on their targets’ cybersecurity violations. Now, the Department of Justice (“DOJ”)...more
On July 31, 2025, the United States Department of Justice (DOJ) announced a pair of settlements with companies accused of having violated the False Claims Act (FCA) by falsely representing their compliance with certain...more
On December 16, 2024, the new Cybersecurity Maturity Model Certification (CMMC) 2.0 program from the U.S. Department of Defense (DoD) will go into effect. CMMC 2.0 aims to improve cybersecurity standards within the defense...more
On December 16, the U.S. Department of Defense’s Cybersecurity Maturity Model Certification Program (CMMC) final rule (the “CMMC Program Rule”) will become effective, to codify the CMMC requirements and assessment processes....more
After years in the making, on October 15, 2024, the U.S. Department of Defense (DoD) published its final rule to establish the Cybersecurity Maturity Model Certification (CMMC) Program, amending Title 32 of the Code of...more
The Department of Defense (DoD) published a Final Rule earlier this month formally implementing the Cybersecurity Maturity Model Certification (CMMC) Program. This Final Rule is the culmination of five years of work to...more
The Office of Information and Regulatory Affairs (OIRA) recently cleared the final rule for the U. S. Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) program, putting the agency one step closer to...more