Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - The Role of Managed Service Providers with Stuart Itkin
The When, Where, Why and How of CMMC with Fernando Machado
Podcast - The State of Contractor Cybersecurity with Katie Arrington
What Do the Newly Released CMMC 2.1 Documents Mean?
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
Cybersecurity for Government Contractors: Success Through Compliance Readiness
Torres Talks Trade Podcast- Episode 2- Cybersecurity, the Department of Defense, and the Private Sector/Government Contracting
Compliance Into The Weeds - Retreat on DoD Cybersecurity for Contractors
Cybersecurity and 889 Compliance in 2021: What Government Contractors Need to Know
Marti Arvin and Anthony Buenger on the CMMC Framework
COVID-19’s Impact on Cybersecurity – Don’t Let Your Data Privacy, Security and Regulatory Compliance Waver
Government Contracts Cyber Café Series: Documentation - Straight Talk About CMMC
CMMC Is Coming: Are You Ready?
Government Contracts Cyber Café: 2019 Wrap Up and Privacy, CMMC, and GRC in 2020
Government Contracts Cyber Café: Emerging Evolution of Cybersecurity Maturity Model Certification
On April 15, 2025, the Department of Defense (DoD) released official guidance on Organizationally Defined Parameters (ODPs) appearing in the newly published NIST SP 800-171 Revision 3. At the same time, the DoD reaffirmed...more
As the regulatory environment continues to evolve in the new administration, U.S. government contractors are facing an increasingly complex array of legal challenges. Staying compliant and competitive requires close attention...more
After years of anticipation, the Federal Acquisition Regulation (FAR) Council has announced the arrival of its proposed rule to enhance the safeguarding of Controlled Unclassified Information (CUI) in federal contracts (the...more
To kick off the New Year (and as is now tradition, since we put out a similar Recap & Forecast last year), Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2024...more
The Department of Defense (DoD) published the updated Cybersecurity Maturity Model Certification (CMMC) Program to enforce existing cybersecurity standards across the defense industrial base. This program is designed to...more
On October 15, 2024, the Department of Defense (“DoD”) released its final rule (the “Final Rule”) formally establishing the Cybersecurity Maturity Model Certification (“CMMC”) program, nearly three years after first...more
On October 15, 2024, the Department of Defense (DoD) published the final rule for the Cybersecurity Maturity Model Certification (CMMC) Program that not only finalizes the long-anticipated CMMC Rule but also foreshadows what...more
After numerous fits and starts, on October 14, the Department of Defense (DoD) published a final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program. Borne from documented deficiencies in the...more
In recent years, the U.S. Department of Justice has ramped up its examination of cybersecurity compliance among federal contractors, with a particular focus on academic institutions....more
The CMMC program is designed to ensure that federal contract information (“FCI”) and Controlled Unclassified Information (“CUI”) are sufficiently protected by government contractors. For example, the CMMC program requires...more
The Department of Defense (DoD) published a Final Rule earlier this month formally implementing the Cybersecurity Maturity Model Certification (CMMC) Program. This Final Rule is the culmination of five years of work to...more
Less than 10 months after the issuance of its proposed rule, DoD has issued this final rule establishing the CMMC program. DoD’s issuance of the final rule demonstrates the government’s continued commitment to...more
The U.S. Department of Defense (DOD) has published a Final Rule to implement the Cybersecurity Maturity Model Certification (CMMC) program, which establishes minimum cybersecurity requirements for nearly all DOD contracts....more
The U.S. Department of Defense (DOD) has long questioned whether contractors and their supply chains have been fully compliant with existing cybersecurity requirements aimed at protecting Controlled Unclassified Information...more
Cybersecurity requirements for federal contractors and grantees continue to proliferate—and those requirements do not just come with contractual risk. Increasingly, the United States government is leveraging enforcement...more
The U.S. Department of Defense (DOD) issued the proposed Defense Federal Acquisition Regulation Supplement (DFARS) rules that will implement the Cybersecurity Maturity Model Certification (CMMC) program. These rules, which...more
The DoD takes yet another step towards full implementation of CMMC 2.0. The proposed rule aims to implement many of the aspects of the Cybersecurity Maturity Model Certification program by amending the Department of...more
Defense contractors and subcontractors that handle Controlled Unclassified Information (CUI) and do not have robust information-security system controls in place better get their house in order now if they want to do business...more
Government Contracts and cybersecurity attorney Eric Crusius was interviewed by Federal News Network about the forthcoming final rule on the U.S. Department of Defense's (DOD) Cybersecurity Maturity Model Certification (CMMC)...more
Two years after announcing the second iteration of the U.S. Department of Defense's (DoD) Cybersecurity Maturity Model Certification (CMMC) program, the DoD released its proposed rule that, if adopted, will implement the...more
The Inspector General (IG) for the U.S. Department of Defense (DOD) issued a report critical of recent efforts by contractors to protect Controlled Unclassified Information (CUI). The report, which followed the DOD IG's...more
Learning Objectives - What is CMMC and should I care? - Cybersecurity is crucial for compliance in any company - Is NIST 800-171 (The CMMC Framework) worth employing? - Thoughts and observations from the field...more
A few weeks ago, we discussed two recent cyber-related False Claims Act (FCA) cases. One of those cases is a qui tam lawsuit against Penn State and, as of the date of our article, we were waiting to see if DOJ would opt to...more
Cybersecurity has been an important topic for many years now, yet the government has struggled with how to flow down cybersecurity obligations to its supply chain. The Department of Defense’s (DOD) Cybersecurity Maturity...more
The U.S. Department of Defense (DoD) recently released a memorandum signaling its increasing willingness to review contractor compliance with cybersecurity standards in its contracts and take action against noncompliant...more