Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Marti Arvin and Anthony Buenger on the CMMC Framework
Cyber-attacks against America’s defense industrial base are becoming more sophisticated and more frequent. To reduce the risk of sensitive national security information landing in the hands of bad actors, the Department of...more
On December 26, 2023, the US Department of Defense (DoD) published its long-awaited proposed rule codifying the Cybersecurity Maturity Model Certification (CMMC) Program. The proposed CMMC rule will apply to all DoD...more
Earlier this month the Federal Acquisition Regulation (“FAR”) Council released two draft rules which would impose new cybersecurity requirements for federal contractors. The proposed rules, Cyber Threat and Incident Reporting...more
Aerojet Rocketdyne received another blow last week in its long running battle to end a 2015 False Claims Act suit alleging it lied about its compliance with cybersecurity requirements in order to win several federal...more
With the announcement of a revamped Cybersecurity Maturity Model Certification (known as CMMC 2.0),1 for the third time in five years, the U.S. Department of Defense (DOD) announced new, comprehensive cybersecurity standards...more
On January 31, 2020, the Department of Defense released Version 1.0 of its Cybersecurity Maturity Model Certification for defense contractors. The model is intended to incorporate and build upon existing cybersecurity...more
- DoD has released the final version of the CMMC framework. - DoD anticipates that CMMC requirements will appear in a limited number of solicitations starting in October 2020 and that they will appear in all DoD...more
On January 30, the US Department of Defense (DoD) released version 1.0 of the Cybersecurity Maturity Model Certification (CMMC) framework, which will require DoD contractors and subcontractors to obtain third-party...more
Last week signaled a potential rude awakening for government contractors subject to cybersecurity requirements. A California U.S. district court ruled that allegations against Aerojet Rocketdyne could progress following a...more
In 2019, cybersecurity has become top-of-mind for most federal government contractors and agencies that share sensitive information. In addition to updated Department of Defense guidance and procedures for evaluating...more
Government agencies collect and hold massive amounts of personally identifiable information (PII), creating valuable targets for cybercrime. Recently proposed legislation would impose baseline standards for cyber hygiene on...more
Is Controlled Unclassified Information Out of Control? The OMB apparently thinks so. On August 11, 2015, the Obama administration, through the Office of Management and Budget (OMB), which is the largest office within the...more
In a move that highlights the changing winds of federal cybersecurity policy, the Department of Defense (“DoD”) has issued an interim Rule (“Rule”) that imposes new security and reporting requirements on federal contractors,...more
The Department of Defense (DoD) released interim rules implementing provisions of the 2013 and 2015 National Defense Authorization Acts. The rules, released on Aug. 26, 2015, are effective immediately and establish the...more
The Office of Management and Budget (OMB) released a draft guidance document on Aug. 11, 2015, titled “Improving Cybersecurity Protection in Federal Acquisitions” (the “OMB Guidance”). The OMB Guidance instructs agencies on...more