Saturday, October 4, 2025
The Defense Department has updated its website for the Cybersecurity Maturity Model Certification program with the latest versions of guides for the assessment and scoping, the CMMC model and a FAQ explaining key changes, as work gets underway to implement a final rule to establish the DOD initiative.
The Pentagon has unveiled its plans to launch the Cybersecurity Maturity Model Certification through a final rule published today laying out key definitions, applicability for contractors and parameters for the assessment process.
The Information Technology Industry Council identifies concerns over the Pentagon's plans on cyber incident reporting from contractors in the context of the Cybersecurity Maturity Model Certification program, in response to a proposed rulemaking focused on acquisition requirements.
The Defense Department has released the final rule to formally establish the Cybersecurity Maturity Model Certification program, marking a major step forward in the Pentagon's work to launch version 2.0 of the initiative nearly three years after an internal review.
The programmatic rule to formally launch the Pentagon's Cybersecurity Maturity Model Certification program is "imminent," according to Defense Department cyber chief David McKeown, who provided a rundown of where things stand with the rulemaking process and opportunities to help contractors reach compliance.
A recent study from security firm CyberSheath finds only 4% of defense contractors are fully prepared to meet upcoming security requirements under the Pentagon's Cybersecurity Maturity Model Certification program, based on a survey of defense industrial base stakeholders.
A final rule to implement the Pentagon's Cybersecurity Maturity Certification program has cleared the interagency regulatory review process, setting up publication in the Federal Register within the 60 days needed during the current legislative term to meet the Congressional Review Act requirements.
Deputy National Security Adviser for Cybersecurity Anne Neuberger highlighted the benefits of artificial intelligence when it comes to cybersecurity at the Billington Cybersecurity Summit and offered a sneak peek into a potential cyber executive order that will incorporate lessons learned.
The Justice Department has announced the disruption of two covert foreign malign influence campaigns backed by the Russian government and targeted at impacting the 2024 election and spreading propaganda in support of the Russian invasion of Ukraine.
Lawyers from two major law firms are flagging key aspects of the Pentagon's latest proposed rule to implement its Cybersecurity Maturity Model Certification program, with a focus on new requirements and other considerations for contractors.
The Defense Department's proposed rule for acquisition purposes proposes alternative approaches to implement its Cybersecurity Maturity Model Certification program, while explaining why the Pentagon is moving forward with its preferred option.
The Professional Services Council wants the Defense Department to focus on making its upcoming Cybersecurity Maturity Model Certification program "executable" for government contractors and the Pentagon, according to PSC president and CEO David Berteau, as the major initiative reaches a new milestone with the publication of a second rulemaking focused on acquisition.
Stakeholders in the defense industrial base are gaining more clarity into the Defense Department's upcoming acquisition requirements for the Cybersecurity Maturity Model Certification program in a proposed rule published today in the Federal Register.
The Defense Department has issued a long-awaited proposed rule to establish acquisition requirements for version 2.0 of the Pentagon's Cybersecurity Maturity Model Certification program, with details on the implementation timeline and supply chain flow-down to subcontractors.
The second rulemaking to implement version 2.0 of the Pentagon's Cybersecurity Maturity Model Certification program has cleared the interagency regulatory review process at the Office of Management and Budget, setting up the potential for the closely watched initiative to be put into place by the end of the year.
The National Defense Industrial Association is concerned over the Defense Department's ability to have enough capacity for the demand in assessments once the Cybersecurity Maturity Model Certification program gets up and running following the conclusion of the rulemaking process.
The Cybersecurity and Infrastructure Security Agency should consider current reporting requirements for defense contractors as it continues work to implement a mandatory incident reporting regime that goes across critical infrastructure sectors, according to defense groups who filed comments on CISA's upcoming regulation.
The Defense Department plans to finalize in November its first final rule for the Cybersecurity Maturity Model Certification program amending Title 32 of the Code of Federal Regulations, according to the latest unified agenda and regulatory plan.
The Senate Armed Services Committee outlined its concerns over the implementation of the Pentagon's Cybersecurity Maturity Model Certification program and the upcoming launch of version 2.0 in the report accompanying its version of the fiscal year 2025 defense authorization bill.
The technology sector raises several questions in its submission to the Cybersecurity and Infrastructure Security Agency on what constitutes a need for incident reporting under the upcoming mandatory regime, including how to address product security and potential reporting on vulnerabilities.