Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Marti Arvin and Anthony Buenger on the CMMC Framework
Cyber-attacks against America’s defense industrial base are becoming more sophisticated and more frequent. To reduce the risk of sensitive national security information landing in the hands of bad actors, the Department of...more
WHAT: The FAR Council published a proposed rule to incorporate the Controlled Unclassified Information (CUI) Program into the acquisition process and, in doing so, seeks to more clearly define government and contractor roles...more
The Order directs the revocation of any active or current security clearances held by former intelligence officials who worked with former President Biden on his 2020 presidential campaign and several specific individuals....more
On October 11, 2024, the United States Department of Defense (DOD) published a final rule implementing its Cybersecurity Maturity Model Certification (CMMC) program, which is designed to verify that defense contractors are...more
The U.S. and the U.K. are focused on common national security risks, including preventing foreign access to key emerging technologies, the integrity of the defense supply chain, protection of critical infrastructure, and...more
Defense contractors and subcontractors that handle Controlled Unclassified Information (CUI) and do not have robust information-security system controls in place better get their house in order now if they want to do business...more
With the announcement of a revamped Cybersecurity Maturity Model Certification (known as CMMC 2.0),1 for the third time in five years, the U.S. Department of Defense (DOD) announced new, comprehensive cybersecurity standards...more
Federal government lessees seeking to occupy high-security spaces in foreign-owned buildings will be required to obtain complete beneficial ownership and impose access restrictions on owners and property managers. The...more
On January 30, 2020, the U.S. Department of Defense (“DoD”) released Version 1.0 of its Cybersecurity Maturity Model Certification (“CMMC”) framework (CMMC overview here; CMMC Version 1.0 and appendices here). By 2026, DoD...more
The Department of Defense (DoD) is planning to release Volume 1.0 of the Cyber Maturity Model Certification (CMMC) framework, which will affect the award and continued performance of all DoD contracts. In response to the...more
The Department of Defense (DoD) Inspector General recently issued a report summarizing the findings of an audit into the protection of Controlled Unclassified Information (CUI) on contractor networks. Based on an in-depth...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more