Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
[Podcast] Cybersecurity Maturity Model Certification (CMMC) 2.0 – What Federal Contractors Need To Know
Marti Arvin and Anthony Buenger on the CMMC Framework
Over the past decade, a vibrant defense‑innovation ecosystem has emerged across the U.S. and Europe, powered by venture‑backed defense tech startups, dual‑use technology companies, and commercial‑first innovators entering...more
In January, the General Services Administration’s (GSA) Office of the Chief Information Security Officer issued a new procedural guide, CIO-IT Security-21-112 Rev. 1, that sets expectations for protecting Controlled...more
On Jan. 5, the U.S. General Services Administration (GSA) issued the revised IT Security Procedural Guide: Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations Process (the Guide)....more
In a recent update to internal procedural guidance, the General Services Administration (GSA) has established a new framework of security requirements and privacy controls for contractor information systems that process,...more
Key point: Historically, civilian‑agency contractors who handled Controlled Unclassified Information (CUI) enjoyed an informal compliance environment, with a requirement to adhere to NIST SP 800‑171 often framed as...more
November 2025 has been a busy month for cybersecurity rules affecting government contractors. The long-awaited Cybersecurity Maturity Model Certification (CMMC) Program went into effect on November 10. We are now seeing the...more
On November 10, 2025, the Department of Defense (DoD), also referred to as the Department of War (DoW), officially began rolling out its Cybersecurity Maturity Model Certification (CMMC) Final Rule, marking the start of the...more
This alert serves to remind contractors of the much-ballyhooed Cybersecurity Maturity Model Certification (CMMC) and updates our previous articles on the Department of Defense’s (DoD) proposed CMMC Program rule and DoD’s...more
Colleges and universities are increasingly engaged in complex relationships with the federal government — through contracts, cooperative agreements, and research grants that fund everything from infrastructure and...more
The Department of Defense (DoD) has finalized its game-changing Cybersecurity Maturity Model Certification (CMMC) rules, ushering in a new era of accountability for the Defense Industrial Base. The timeline is now very short:...more
On September 10, the U.S. Department of Defense (DOD) posted its final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program for defense acquisitions. This new rule (acquisition rule) updates the...more
The wait is finally over, and U.S. Department of Defense (DoD) contractors need to be prepared. On September 10, 2025, DoD posted a final rule that will officially make Cybersecurity Maturity Model Certification (CMMC) a...more
On September 10, 2025, the U.S. Department of Defense (DoD) published a final rule that will shake up cybersecurity compliance for DoD contractors. The new rule formally incorporates the Cybersecurity Maturity Model...more
WHAT: The U.S. Department of Defense (DOD) this month published the second of two final rules needed to begin phasing in the long-awaited Cybersecurity Maturity Model Certification (CMMC) Program. This final rule amends the...more
On September 10, 2025, the Department of Defense (DoD) issued a long-awaited final rule related to the implementation of the Cybersecurity Maturity Model Certification (CMMC) program. The final rule goes into effect on...more
The Pentagon has published the new rule to the Federal Register titled “Assessing Contractors’ Implementation of Cybersecurity Requirements.” ...more
This article is an update to McDermott Will & Schulte’s series on the US Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) Program. As DoD has now issued the final component of that program, the...more
On September 9, 2025, the Department of Defense (DOD) released its long-anticipated final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program. As discussed previously, this rule marks a significant...more
WHAT: The U.S. Department of Defense (DOD) has published the final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements for the Cybersecurity Maturity Model...more
After years of drafts and interim measures, the Department of Defense (“DOD”) has issued the final Defense Federal Acquisition Regulation Supplement (“DFARS”) rule implementing the Cybersecurity Maturity Model Certification...more
Key point: Beginning November 10, 2025, DoD contracting officers will begin adding Cybersecurity Maturity Model Certification (CMMC) requirements to solicitations, and contracting officers “shall not award a contract, task...more
The Department of Defense (DoD) has issued its long-awaited final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program into the Defense Federal Acquisition Regulation Supplement (DFARS). The rule...more
The U.S. Department of Defense (DOD) has issued the long-awaited final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to implement the Cybersecurity Maturity Model Certification (CMMC) program....more
The White House and Department of Defense (DoD) have announced a series of new directives that will significantly impact the burgeoning domestic drone industry. This initiative, titled “Unleashing American Drone Dominance,”...more
On July 31, 2025, the United States Department of Justice (DOJ) announced a pair of settlements with companies accused of having violated the False Claims Act (FCA) by falsely representing their compliance with certain...more