The Rise of OTAs in Defense Contracting: Opportunities, Risks, and What Contractors Need to Know
Podcast - Navigating the Updated SF-328 Form
Podcast - A Comparative Guide to Obtaining an FCL: DCSA vs. the Intelligence Community
Diversifying Your Contract Pipeline by Maximizing Opportunities through the DOD’s Mentor Protégé Program
A Comprehensive Overview of FOCI Mitigation
Podcast - Defense Dynamics: Navigating the Post-Election Landscape for the National Security Sector, Part 2
Mitigating FOCI Under Section 847
Episode 345 -- Raytheon Pays $950 Million to Resolve Fraud, FCPA, ITAR and False Claims Act Violations
Everyone Come to Play: Exploring FOCI Mitigation Instruments
Defense Dynamics: Navigating the Post-Election Landscape for the National Security Sector
Podcast - Navigating M&A Due Diligence: Safeguarding Security Clearances
Podcast - Change Condition Packages: Tips for Cleared Contractors
Podcast - Corporate Documents in the Context of Clearances
Navigating Personnel Security Clearances (PCLs)
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
What Is an FCL and How Do I Obtain One?
Protecting Our Nation’s Data: Cybersecurity Compliance for Government Contractors
Intellectual Property In Department of Defense Contracting
The When, Where, Why and How of CMMC with Fernando Machado
A final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) is on track to go into effect on November 10, 2025. At that point, DoD solicitations and contracts will need to include Cybersecurity...more
The Department of Defense (DoD) recently published in the Federal Register its long-awaited final rule (the Rule) amending the Defense Federal Acquisition Regulation Supplement (DFARS) to formally implement the Cybersecurity...more
On September 10, 2025, the U.S. Department of Defense (DoD) published its long-awaited final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the...more
On September 9, 2025, the Department of Defense (DOD) released its long-anticipated final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program. As discussed previously, this rule marks a significant...more
The Department of Defense (DoD) has issued a Final Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to embed contractual requirements under the Cybersecurity Maturity Model Certification (CMMC)...more
The Department of Defense, and now War, (DoD) has issued its final rule updating the Cybersecurity Maturity Model Certification (CMMC) program through changes to the Defense Federal Acquisition Supplement (DFARS)....more
WHAT: The U.S. Department of Defense (DOD) has published the final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements for the Cybersecurity Maturity Model...more
After years of drafts and interim measures, the Department of Defense (“DOD”) has issued the final Defense Federal Acquisition Regulation Supplement (“DFARS”) rule implementing the Cybersecurity Maturity Model Certification...more
Key point: Beginning November 10, 2025, DoD contracting officers will begin adding Cybersecurity Maturity Model Certification (CMMC) requirements to solicitations, and contracting officers “shall not award a contract, task...more
The Department of Defense (DoD) has issued its long-awaited final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program into the Defense Federal Acquisition Regulation Supplement (DFARS). The rule...more
The U.S. Department of Defense (DOD) has issued the long-awaited final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to implement the Cybersecurity Maturity Model Certification (CMMC) program....more
Key point: CMMC took another step towards reality, with OIRA clearing for publication the DFARS proposed rule that will add CMMC requirements as a condition of award for new contracts. What happened: On August 25, 2025, the...more
The U.S. Department of Defense (DOD) obligates about half a trillion dollars a year to private contractors for everything from high-end weapons and data systems to basic goods and services like fuel, shipping, food, and...more
Cyber-attacks against America’s defense industrial base are becoming more sophisticated and more frequent. To reduce the risk of sensitive national security information landing in the hands of bad actors, the Department of...more
On April 15, 2025, the Department of Defense (DoD) released official guidance on Organizationally Defined Parameters (ODPs) appearing in the newly published NIST SP 800-171 Revision 3. At the same time, the DoD reaffirmed...more
The Department of Defense (DoD) recently issued a memo titled, "Implementing the Cybersecurity Maturity Model Certification (CMMC) Program: Guidance for Determining Appropriate CMMC Compliance Assessment Levels and Process...more
After years of anticipation, the Federal Acquisition Regulation (FAR) Council has announced the arrival of its proposed rule to enhance the safeguarding of Controlled Unclassified Information (CUI) in federal contracts (the...more
To kick off the New Year (and as is now tradition, since we put out a similar Recap & Forecast last year), Sheppard Mullin’s Governmental Practice Cybersecurity & Data Protection Team has prepared a cybersecurity-focused 2024...more
Last year we made some predictions about 2024’s cyber landscape and major issues. Several proved prescient, with incident reporting, CISO scrutiny, SEC aggression, and new regulation of various sectors taking shape as the...more
On October 15, 2024, the U.S. Department of Defense (DoD) published a Final Rule implementing the Cybersecurity Maturity Model Certification (CMMC) 2.0 Program....more
On October 15, 2024, the Department of Defense (“DoD”) released its final rule (the “Final Rule”) formally establishing the Cybersecurity Maturity Model Certification (“CMMC”) program, nearly three years after first...more
Part of the Biden Administration’s push to enhance U.S. cybersecurity capabilities has focused on imposing new requirements on government contractors. The 2023 National Cybersecurity Strategy suggested, for example, that...more
The US Department of Defense (DOD) finalized a rule that takes the next steps toward fully implementing the Cybersecurity Maturity Model Certification (CMMC) 2.0 program. This rule formalizes compliance requirements that will...more
The Department of Defense (DoD) has officially launched the Cybersecurity Maturity Model Certification (CMMC) Program, which requires federal contractors and subcontractors across the Defense Industrial Base (DIB) to comply...more
After numerous fits and starts, on October 14, the Department of Defense (DoD) published a final rule implementing the Cybersecurity Maturity Model Certification (CMMC) program. Borne from documented deficiencies in the...more