News & Analysis as of June 9, 2025

DFARS

+ Follow

Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory violations. In response to many corporate scandals evidencing rampant unethical business practices, many nations, including the United States, began passing strict regulatory frameworks aimed at curbing these abuses. Notable pieces of legislation in this area include the U.S. Foreign Corrupt Practices Act (FCPA), Sarbanes-Oxley (SOX), and the U.K. Bribery Act, to name a few. The foregoing statutes and the severe penalties often associated with them form the basis of many modern institutional compliance programs. less -

The “Prestige”: DoD Unveils NIST SP 800-171 Revision 3, Organizationally Defined Parameters

McCarter & English Blog: Government Contracts... on 4/28/2025

On April 15, 2025, the Department of Defense (DoD) released official guidance on Organizationally Defined Parameters (ODPs) appearing in the newly published NIST SP 800-171 Revision 3. At the same time, the DoD reaffirmed...more

At Long Last – The FAR CUI Rule is Here!

Sheppard Mullin Richter & Hampton LLP on 1/30/2025

The wait is finally over! After more than 14 years of anticipation, the Federal Acquisition Regulation (“FAR”) Proposed Rule on Controlled Unclassified Information (“CUI”) was released on January 15, 2025 and comes as part of...more

They Did It. They Really Did It! The Arrival of the FAR CUI Proposed Rule

McCarter & English Blog: Government Contracts... on 1/17/2025

After years of anticipation, the Federal Acquisition Regulation (FAR) Council has announced the arrival of its proposed rule to enhance the safeguarding of Controlled Unclassified Information (CUI) in federal contracts (the...more

Governmental Practice Cybersecurity and Data Protection: 2024 Recap & 2025 Forecast Alert

Sheppard Mullin Richter & Hampton LLP on 1/8/2025

To kick off the New Year (and as is now tradition, since we put out a similar Recap & Forecast last year), Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2024...more

DoD Releases Final CMMC Program Rule, Formally Initiating Its Cybersecurity Program

Vinson & Elkins LLP on 11/22/2024

On October 15, 2024, the Department of Defense (“DoD”) released its final rule (the “Final Rule”) formally establishing the Cybersecurity Maturity Model Certification (“CMMC”) program, nearly three years after first...more

DoD Announces Cybersecurity Maturity Model Certification 2.0 Final Rule (Finally!)

Bass, Berry & Sims PLC on 11/12/2024

After numerous fits and starts, on October 14, the Department of Defense (DoD) published a final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program. Borne from documented deficiencies in the...more

The Department of Defense Issues Final Rule Establishing CMMC 2.0

Pillsbury Winthrop Shaw Pittman LLP on 10/25/2024

Less than 10 months after the issuance of its proposed rule, DoD has issued this final rule establishing the CMMC program. DoD’s issuance of the final rule demonstrates the government’s continued commitment to...more

Department of Defense Finalizes Rule Adding New Cybersecurity Requirements for Defense Contractors and Subcontractors

Snell & Wilmer on 10/23/2024

The U.S. Department of Defense (DOD) has published a Final Rule to implement the Cybersecurity Maturity Model Certification (CMMC) program, which establishes minimum cybersecurity requirements for nearly all DOD contracts....more

15 Key Takeaways from the Final CMMC Program Rule Issued by DOD

Holland & Knight LLP on 10/17/2024

The U.S. Department of Defense (DOD) has long questioned whether contractors and their supply chains have been fully compliant with existing cybersecurity requirements aimed at protecting Controlled Unclassified Information...more

U.S. Government Intervenes in Georgia Tech Cybersecurity False Claims Case

Pillsbury Winthrop Shaw Pittman LLP on 9/9/2024

The Georgia Tech case serves as yet another reminder of the importance of contractor compliance with cybersecurity requirements in federal contracts. The Government alleges that Georgia Tech failed to comply with the...more

DOJ on Campus: DOJ’s First Intervention in False Claims Act Case Alleging University Knowingly Failed to Meet Contractual...

Dorsey & Whitney LLP on 9/5/2024

Cybersecurity requirements for federal contractors and grantees continue to proliferate—and those requirements do not just come with contractual risk. Increasingly, the United States government is leveraging enforcement...more

DOJ Brings Suit Against University Under Its Civil Cyber-Fraud Initiative

Holland & Knight LLP on 8/28/2024

Late last week, the U.S. Department of Justice (DOJ) filed its complaint-in-intervention in a qui tam lawsuit against the Georgia Institute of Technology (Georgia Tech), alleging that the university failed to meet certain...more

The Pentagon's CMMC Program Takes a Big Step Forward

Holland & Knight LLP on 8/22/2024

The U.S. Department of Defense (DOD) issued the proposed Defense Federal Acquisition Regulation Supplement (DFARS) rules that will implement the Cybersecurity Maturity Model Certification (CMMC) program. These rules, which...more

DoD Issues Proposed DFARS Rule to Implement CMMC 2.0

McDermott Will & Emery on 8/20/2024

The US Department of Defense (DoD) took the next step in implementing the Cybersecurity Maturity Model Certification (CMMC) Program on August 15, 2024, when it issued a Proposed Rule to amend the Defense Federal Acquisition...more

The Department of Defense Issues New Proposed Rule Implementing Contractual Requirements Related to CMMC 2.0

Pillsbury Winthrop Shaw Pittman LLP on 8/20/2024

The DoD takes yet another step towards full implementation of CMMC 2.0. The proposed rule aims to implement many of the aspects of the Cybersecurity Maturity Model Certification program by amending the Department of...more

Department of Defense Releases Long-Awaited CMMC Proposed Rule

Holland & Knight LLP on 12/28/2023

Two years after announcing the second iteration of the U.S. Department of Defense's (DoD) Cybersecurity Maturity Model Certification (CMMC) program, the DoD released its proposed rule that, if adopted, will implement the...more

Update – DOJ Declines to Intervene in Penn State Cyber-Related FCA Case

Sheppard Mullin Richter & Hampton LLP on 10/3/2023

A few weeks ago, we discussed two recent cyber-related False Claims Act (FCA) cases. One of those cases is a qui tam lawsuit against Penn State and, as of the date of our article, we were waiting to see if DOJ would opt to...more

U.S. Department of Defense Tightens Screws on Cybersecurity Compliance

Holland & Knight LLP on 7/14/2022

The U.S. Department of Defense (DoD) recently released a memorandum signaling its increasing willingness to review contractor compliance with cybersecurity standards in its contracts and take action against noncompliant...more

DoD Increases Focus on Cybersecurity Compliance

Pillsbury Winthrop Shaw Pittman LLP on 7/7/2022

A recent DoD memorandum should serve as a warning to contractors that they need to focus on cybersecurity compliance now or risk serious consequences. A recent DoD memorandum should serve as a warning to contractors that...more

DOD Memo Identifies Penalties for Noncompliance with DFARS Cyber Requirements

Fox Rothschild LLP on 6/24/2022

While Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) is still a work in progress, federal contractors should beware of the existing DFARS cybersecurity requirements. ...more

Department of Justice Announces New Civil Cyber-Fraud Initiative – What This Means for Federal Contractors

Woods Rogers on 11/23/2021

Recently, Deputy Attorney General Lisa O. Monaco announced the Department of Justice’s new Civil Cyber-Fraud Initiative, aimed at combatting “new and emerging cyber threats to the security of sensitive information and...more

CMMC 2.0: DoD Scales Back Certification and Streamlines Cybersecurity Requirements for Defense Contractors

Miles & Stockbridge P.C. on 11/12/2021

On November 4, 2021, the U.S. Department of Defense (DoD) Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) announced Version 2.0 of the highly publicized Cybersecurity Maturity Model...more

CMMC Is Coming: How Government Contractors Can Prepare

NAVEX on 4/14/2021

People like to say that cybersecurity threats are constantly evolving. So perhaps it’s fitting that cybersecurity compliance is undergoing a significant evolution of its own this year, too. That evolution is the arrival of...more

DoD Has Two New Cybersecurity Frameworks

Bradley Arant Boult Cummings LLP on 10/8/2020

A recent interim rule from the Department of Defense (DoD) would create a new self-assessment methodology for the cybersecurity requirements in NIST SP 800-171. The same rule also would implement the Cybersecurity Maturity...more

It’s Here! DoD Issues Interim Rule Launching Two Cyber Assessment Programs

Bass, Berry & Sims PLC on 10/7/2020

For over a year, we have been discussing the Department of Defense’s (DoD) eventual implementation of a Cybersecurity Maturity Model Certification (CMMC) program for Defense contractors, most recently during a webinar in...more

26 Results

View per page

Page: of 2

Compliance › Cybersecurity Maturity Model Certification (CMMC) › DFARS

"My best business intelligence, in one easy email…"