Saturday, October 4, 2025
A new audit from the Defense Department inspector general finds gaps in the Pentagon's process to authorize 11 certified third-party assessment organizations that applied to be part of the Cybersecurity Maturity Model Certification program.
The Fiscal Year 2025 National Defense Authorization Act, signed into law by President Biden on Christmas Eve, directs the Defense Department's chief digital and artificial intelligence officer to establish the DOD hackathon program and features a report due within 180 days from the Director of National Intelligence on "the implications of the ransomware threat to United States national security."
The accreditation body behind the Pentagon’s Cybersecurity Maturity Model Certification program has announced next steps as the first rulemaking to implement the DOD initiative goes into effect, including a start date for assessments and the release of the assessment process guide.
Stakeholders from the information technology and defense industrial base are urging the Cybersecurity and Infrastructure Security Agency to consider a wider range of industry needs as part of an effort to update the national cyber incident response plan for the first time in eight years.
Major changes to the Pentagon's Cybersecurity Maturity Model Certification program go into effect today through a long-awaited final rulemaking establishing the program in the Code of Federal Regulations.
The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program is working to achieve several milestones ahead of the Dec. 16 effective date for the first rulemaking that will formally launch the initiative.
Rep. Gary Palmer (R-AL) has introduced a Congressional Review Act resolution that would roll back a final rulemaking to establish the Pentagon's Cybersecurity Maturity Model Certification program, as part of an effort by the GOP lawmaker to put Congress in a position to weigh in on major regulatory initiatives.
The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program is working with the ANSI National Accreditation Board (ANAB) on efforts to meet international standards and authorizations, according to Cyber AB CEO Matthew Travis.
The Pentagon has proposed new requirements for defense companies who are competing for information technology, operational technology and cybersecurity contracts to disclose information on source code and computer code that are being shared with foreign governments as part of the acquisition process.
The American Bar Association’s Public Contract Law section is urging the Defense Department to consider allowing a plan of action and milestones for contractors to address ongoing compliance issues with the Cybersecurity Maturity Model Certification program, as the Pentagon works to finalize a rulemaking to change its acquisition regulations.
The Edison Electric Institute is asking the Defense Department to scope what is considered controlled unclassified information in the context of the Cybersecurity Maturity Model Certification program, building on comments submitted in February to reflect the current situation with the acquisition-focused proposed rule.
The Coalition for Government Procurement is asking the Defense Department to provide guidance on when requirements under the Cybersecurity Maturity Model Certification program will go into effect for specific contracts, in response to a proposed rule to make changes to the Pentagon’s acquisition regulations.
Defense prime contractors will start to consider whether their suppliers are meeting requirements under the Cybersecurity Maturity Model Certification program as part of the selection process for subcontractors down the supply chain, as work to launch the Pentagon initiative gets closer to fruition.
The National Defense Industrial Association is raising concerns over how prime contractors will determine the maturity level needed for subcontracts and work through flow down requirements under the Pentagon’s final rule to establish the Cybersecurity Maturity Model Certification program.
The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program is expecting an increase in the number of assessment firms and certified assessors who want to participate in the Defense Department initiative, as work gets underway to stand up a formal ecosystem under the final programmatic rule.
Two major defense associations are proposing to allow prime contractors access to an online system where companies who are part of the defense industrial base will provide the results of their Cybersecurity Model Certification assessments to the Pentagon.
The publication on Tuesday of the final rule to establish the Pentagon's Cybersecurity Maturity Model Certification program kicks off workstreams developed over the last three years, according to program director Buddy Dees who spoke with Inside Cybersecurity on efforts to prepare for the launch and assessment needs.
The Pentagon's decision to make many comments out of scope from its final rule on the Cybersecurity Maturity Model Certification program raises concerns over how the rollout will work in practice as contracting officers write requirements into solicitations, according to the Professional Services Council.
A coalition of industry groups is asking the Defense Department to make changes to its proposed acquisition rule for the Cybersecurity Maturity Model Certification program to address concerns over affirmation of compliance and how to track flow-down requirements in supply chains.
The Pentagon's final rule to implement the Cybersecurity Maturity Model Certification program addresses concerns from cloud service providers and managed service providers over how they can be used to help companies reach compliance with the Defense Department effort.