Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
[Podcast] Cybersecurity Maturity Model Certification (CMMC) 2.0 – What Federal Contractors Need To Know
Marti Arvin and Anthony Buenger on the CMMC Framework
Defense contractors subject to Cybersecurity Maturity Model Certification (CMMC) compliance under government contracts will be subject to False Claims Act (FCA) liability risks going forward. The CMMC program went live on...more
If you are a trade and legal compliance decision-maker, where can you go to learn, expand your export controls brain trust, and strengthen your strategy? At ACI’s Advanced Forum on Global Export Controls, you’ll connect...more
2025 has been an exceptionally active year for U.S. government contractors and grant recipients. The combination of executive orders, regulatory changes and legislative updates that have reshaped procurement, industrial...more
November 2025 has been a busy month for cybersecurity rules affecting government contractors. The long-awaited Cybersecurity Maturity Model Certification (CMMC) Program went into effect on November 10. We are now seeing the...more
After half a decade of development and review, the U.S. Department of Defense (DoD) will implement contracting regulations, effective November 10, 2025, making the Cybersecurity Maturity Model Certification (CMMC) Program a...more
Notwithstanding Executive Orders to reduce federal rules affecting industry in effect today, the Department of Defense (DOD) recently enacted new regulations by finalizing the Cybersecurity Maturity Model Certification (CMMC)...more
On September 9, 2025, the Department of Defense issued a long-awaited final rule regarding the Cybersecurity Maturity Model Certification (CMMC). This final rule which has been published in the Federal Register and amended...more
The wait is finally over, and U.S. Department of Defense (DoD) contractors need to be prepared. On September 10, 2025, DoD posted a final rule that will officially make Cybersecurity Maturity Model Certification (CMMC) a...more
On September 10, 2025, the U.S. Department of Defense (DoD) published a final rule that will shake up cybersecurity compliance for DoD contractors. The new rule formally incorporates the Cybersecurity Maturity Model...more
The U.S. Department of Defense (DOD) issued a final rule this month that fundamentally changes eligibility for DOD procurement by tying contract awards directly to cybersecurity readiness....more
WHAT: The U.S. Department of Defense (DOD) this month published the second of two final rules needed to begin phasing in the long-awaited Cybersecurity Maturity Model Certification (CMMC) Program. This final rule amends the...more
The Cybersecurity Maturity Model Certification (CMMC) has been a long-anticipated framework designed to bolster cybersecurity across the defense industrial base. After extensive development and revisions, the Department of...more
The wait is over. Five years after the Department of Defense (DoD) first introduced the Cybersecurity Maturing Model Certification (CMMC) program, the companion Final Rule was published in the Federal Register on Sept. 10....more
The Department of Defense (DoD) has issued its highly anticipated final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements for the Cybersecurity Maturity Model...more
The Pentagon has published the new rule to the Federal Register titled “Assessing Contractors’ Implementation of Cybersecurity Requirements.” ...more
This article is an update to McDermott Will & Schulte’s series on the US Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) Program. As DoD has now issued the final component of that program, the...more
On September 10, 2025, to borrow from the Beatles, the long and winding road brought DoD’s final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate Cybersecurity Maturity Model...more
The Department of Defense (DoD) has issued a Final Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to embed contractual requirements under the Cybersecurity Maturity Model Certification (CMMC)...more
The Department of Defense, and now War, (DoD) has issued its final rule updating the Cybersecurity Maturity Model Certification (CMMC) program through changes to the Defense Federal Acquisition Supplement (DFARS)....more
WHAT: The U.S. Department of Defense (DOD) has published the final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements for the Cybersecurity Maturity Model...more
Key point: Beginning November 10, 2025, DoD contracting officers will begin adding Cybersecurity Maturity Model Certification (CMMC) requirements to solicitations, and contracting officers “shall not award a contract, task...more
The U.S. Department of Defense (DOD) has issued the long-awaited final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to implement the Cybersecurity Maturity Model Certification (CMMC) program....more
This past month, the Department of Defense sent the final rule for the new Cybersecurity Maturity Model Certification (CMMC) program under the Federal Acquisition Regulation to the Office of Information and Regulatory Affairs...more
The White House and Department of Defense (DoD) have announced a series of new directives that will significantly impact the burgeoning domestic drone industry. This initiative, titled “Unleashing American Drone Dominance,”...more
The U.S. Department of Defense (DoD) recently issued a memorandum signaling that defense contractors soon will be required to comply with new cybersecurity compliance requirements. The memorandum establishes...more