Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
Podcast - The State of Contractor Cybersecurity with Katie Arrington
What Do the Newly Released CMMC 2.1 Documents Mean?
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
Compliance Into The Weeds - Retreat on DoD Cybersecurity for Contractors
Cybersecurity Maturity Model Certification (CMMC) is coming — and now appears to be coming faster than many defense contractors believed. In the latest signal of CMMC’s forward momentum, the Department of Defense (DoD) issued...more
Sequels are rarely better than the films that precede them, and yet, sometimes a story is just too compelling to be limited to just one film. At the tail end of a summer full of Hollywood sequels, the Department of Defense...more
The United States Department of Defense (DoD) took another big step on the path to instituting its highly anticipated Cybersecurity Maturity Model Certification 2.0 program (CMMC 2.0). Once finalized, CMMC 2.0 will establish...more
The Cybersecurity Maturity Model Certification (CMMC) Program has been a headache for many defense contractors since the idea was first introduced in 2019. The program seeks to protect unclassified information, including...more
Concerns regarding the integrity of the U.S. defense industrial base supply chain continue to grow. Similar to national cybersecurity risks, national security risks to the defense supply chain are asymmetric and can arise at...more
The National Institute of Standards and Technology (NIST) released the third revision of its Special Publication (SP) 800-171, "Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations." This...more
On May 2, the Department of Defense (DOD) issued a class deviation to DFARS 252.204-7012 “to provide industry time for a more deliberate transition upon the forthcoming release of [National Institute of Standards and...more
On December 26, 2023, the Department of Defense (“DoD”) belatedly gifted defense contractors and subcontractors a Proposed Rule on the Cybersecurity Maturity Model Certification (“CMMC”) Program. DoD also released eight CMMC...more
The US Department of Defense (DoD) has issued a proposed rule to implement its long-awaited Cybersecurity Maturity Model Certification program (CMMC 2.0). This proposed rule — released on December 26, 2023, and published in...more
In an era where digital threats are ever-evolving, ensuring the security of sensitive government data is paramount, especially for government contractors working on defense contracts. Join PilieroMazza’s Cy Alba and Daniel...more
Well, the wait is over. Just as 2023 came to a close, on December 26, 2023, the Department of Defense (“DoD”) published the much-anticipated Proposed Rule for the DoD’s Cybersecurity Maturity Model Certification (“CMMC”)...more
The Department of Defense (DoD) delivered its proposed Cybersecurity Maturity Model Certification Program rule (CMMC) the day after Christmas this year, including several related guidance documents (listed here). The proposed...more
A recently unsealed False Claims Act qui tam complaint against Penn State is the latest in line with DOJ’s Civil Cyber-Fraud Initiative. The case is United States ex rel. Matthew Decker v. Pennsylvania State University,...more
Contractors that do business with the U.S. Department of Defense (DoD) and handle Controlled Unclassified Information (CUI) have been awaiting the issuance of a rule implementing the Cybersecurity Maturity Model Certification...more
The Federal Acquisition Regulatory Council (FAR Council) announced it was preparing a proposed rule to standardize cybersecurity requirements for unclassified Federal Information Systems across federal agencies in accordance...more
The Department of Justice recently announced the launch of a Civil Cyber-Fraud Initiative, which has direct implications for government contractors and serves as a warning that slack cybersecurity practices will be a target...more
For nearly two years, we have been reporting on this blog about the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program. CMMC is a training, certification, and third-party assessment...more
Defense contractors and their subcontractors and supply chains that have been preparing for the challenge of complying with the Cybersecurity Maturity Model Certification (CMMC) recently received some welcome news from the...more
On November 4, 2021, the U.S. Department of Defense (DoD) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) announced Version 2.0 of the highly publicized Cybersecurity Maturity Model...more
People like to say that cybersecurity threats are constantly evolving. So perhaps it’s fitting that cybersecurity compliance is undergoing a significant evolution of its own this year, too. That evolution is the arrival of...more
Last month, the U.S. Court of Appeals for the Federal Circuit’s (Federal Circuit) opinion in The Boeing Co. v. Secretary of the Air Force shed additional light on the technical data rights of contractors under defense...more
On September 29, 2020, the Department of Defense (DoD) issued an interim rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to create new assessment and certification requirements for DoD contractors....more
The Defense Federal Acquisition Regulation Supplement (“DFARS”) 252.204-7008 and 252.204-7012 require defense contractors who possess, store or transmit “covered defense information” to comply with the security requirements...more
On January 30, 2020, the U.S. Department of Defense (“DoD”) released Version 1.0 of its Cybersecurity Maturity Model Certification (“CMMC”) framework (CMMC overview here; CMMC Version 1.0 and appendices here). By 2026, DoD...more
The U.S. Department of Defense (DoD) released version 1.0 of its Cybersecurity Maturity Model Certification (known as CMMC) on Jan. 31, 2020. The CMMC model draws heavily on the National Institute for Standards and...more