Major changes to the Pentagon's Cybersecurity Maturity Model Certification program go into effect today through a long-awaited final rulemaking establishing the program in the Code of Federal Regulations.
Monday, April 28, 2025
Monday, April 28, 2025
Major changes to the Pentagon's Cybersecurity Maturity Model Certification program go into effect today through a long-awaited final rulemaking establishing the program in the Code of Federal Regulations.
The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program is working to achieve several milestones ahead of the Dec. 16 effective date for the first rulemaking that will formally launch the initiative.
Rep. Gary Palmer (R-AL) has introduced a Congressional Review Act resolution that would roll back a final rulemaking to establish the Pentagon's Cybersecurity Maturity Model Certification program, as part of an effort by the GOP lawmaker to put Congress in a position to weigh in on major regulatory initiatives.
The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program is working with the ANSI National Accreditation Board (ANAB) on efforts to meet international standards and authorizations, according to Cyber AB CEO Matthew Travis.
The Pentagon has proposed new requirements for defense companies who are competing for information technology, operational technology and cybersecurity contracts to disclose information on source code and computer code that are being shared with foreign governments as part of the acquisition process.
The American Bar Association’s Public Contract Law section is urging the Defense Department to consider allowing a plan of action and milestones for contractors to address ongoing compliance issues with the Cybersecurity Maturity Model Certification program, as the Pentagon works to finalize a rulemaking to change its acquisition regulations.
The Edison Electric Institute is asking the Defense Department to scope what is considered controlled unclassified information in the context of the Cybersecurity Maturity Model Certification program, building on comments submitted in February to reflect the current situation with the acquisition-focused proposed rule.
The Coalition for Government Procurement is asking the Defense Department to provide guidance on when requirements under the Cybersecurity Maturity Model Certification program will go into effect for specific contracts, in response to a proposed rule to make changes to the Pentagon’s acquisition regulations.
Defense prime contractors will start to consider whether their suppliers are meeting requirements under the Cybersecurity Maturity Model Certification program as part of the selection process for subcontractors down the supply chain, as work to launch the Pentagon initiative gets closer to fruition.
The National Defense Industrial Association is raising concerns over how prime contractors will determine the maturity level needed for subcontracts and work through flow down requirements under the Pentagon’s final rule to establish the Cybersecurity Maturity Model Certification program.
The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program is expecting an increase in the number of assessment firms and certified assessors who want to participate in the Defense Department initiative, as work gets underway to stand up a formal ecosystem under the final programmatic rule.
Two major defense associations are proposing to allow prime contractors access to an online system where companies who are part of the defense industrial base will provide the results of their Cybersecurity Model Certification assessments to the Pentagon.
The publication on Tuesday of the final rule to establish the Pentagon's Cybersecurity Maturity Model Certification program kicks off workstreams developed over the last three years, according to program director Buddy Dees who spoke with Inside Cybersecurity on efforts to prepare for the launch and assessment needs.
The Pentagon's decision to make many comments out of scope from its final rule on the Cybersecurity Maturity Model Certification program raises concerns over how the rollout will work in practice as contracting officers write requirements into solicitations, according to the Professional Services Council.
A coalition of industry groups is asking the Defense Department to make changes to its proposed acquisition rule for the Cybersecurity Maturity Model Certification program to address concerns over affirmation of compliance and how to track flow-down requirements in supply chains.
The Pentagon's final rule to implement the Cybersecurity Maturity Model Certification program addresses concerns from cloud service providers and managed service providers over how they can be used to help companies reach compliance with the Defense Department effort.
The Defense Department has updated its website for the Cybersecurity Maturity Model Certification program with the latest versions of guides for the assessment and scoping, the CMMC model and a FAQ explaining key changes, as work gets underway to implement a final rule to establish the DOD initiative.
The Pentagon has unveiled its plans to launch the Cybersecurity Maturity Model Certification through a final rule published today laying out key definitions, applicability for contractors and parameters for the assessment process.
The Information Technology Industry Council identifies concerns over the Pentagon's plans on cyber incident reporting from contractors in the context of the Cybersecurity Maturity Model Certification program, in response to a proposed rulemaking focused on acquisition requirements.
The Defense Department has released the final rule to formally establish the Cybersecurity Maturity Model Certification program, marking a major step forward in the Pentagon's work to launch version 2.0 of the initiative nearly three years after an internal review.