Saturday, October 4, 2025
The Defense Department has submitted the first final rule to implement its Cybersecurity Maturity Model Certification program to the White House Office of Management and Budget's Office of Information and Regulatory Affairs, marking a significant milestone in getting the necessary regulatory steps in order to officially launch the Pentagon initiative.
The Commerce Department is using its review authority over foreign transactions in the information and communications technology and services sector to ban Kaspersky software from use in the United States, utilizing a controversial Trump-era rulemaking also leveraged under the Biden administration to address national security risks.
Longtime National Security Agency official Kristina Walter is returning to her cyber roots, becoming chief of the intelligence agency's Cybersecurity Collaboration Center after a stint in charge of a federal initiative on workforce development.
The House Armed Services Committee added amendments to the fiscal year 2025 defense authorization bill in a mark-up session requiring federal contractors to have a vulnerability disclosure policy and ordering studies from the Pentagon on critical infrastructure threats.
The House Armed Services Committee kicks off the process today of marking up the fiscal year 2025 defense authorization bill, with proposals on the table to secure mobile devices used within the Defense Department, bring on voluntary cyber experts and address concerns over artificial intelligence costs.
A proposed rule to amend the Defense Department’s acquisition policies for the Cybersecurity Maturity Model Certification program has entered the Office of Management and Budget review process.
The National Institute of Standards and Technology's final update to two publications focused on controlled unclassified information puts in place "organization-defined parameters" and the ability for agencies to make determinations on what meets their needs.
MITRE has raised issues with potential costs for contractors who want to do business with the Defense Department in addressing assessment gaps and accommodating for potential future changes in the maturity model for the upcoming Pentagon cyber certification program, in response to a proposed rule to implement the program.
The National Defense Information Sharing and Analysis Center has published a "shopping guide" to help small and medium-sized businesses pick an assessor who meets their needs to reach compliance with the Pentagon's Cybersecurity Maturity Model Certification program.
The Coalition for Government Procurement is seeking clarity on how the Defense Department will allow external service providers to play a role in achieving compliance with the Pentagon's Cybersecurity Maturity Model Certification program, in a filing on the proposed rule to implement the effort.
The Canadian government is asking the Defense Department to facilitate establishing reciprocity between the Pentagon's Cybersecurity Maturity Model Certification program and Canada's new cybersecurity framework, in response to a DOD proposed rule to implement the U.S. initiative.
The Edison Electric Institute is making recommendations for how controlled unclassified information should be addressed in Defense Department contracts with Cybersecurity Maturity Model Certification requirements in a manner that aligns with current practices for sharing sensitive data in the electric sector.
Wireless group CTIA supports the Defense Department's decision to create an exemption for telecommunications providers under the Cybersecurity Maturity Model Certification program, while asking for more guidance on the trigger for applicability in the response to a proposed rule on implementation.
The Office of Advocacy at the Small Business Administration has outlined four areas of concern in the Pentagon's proposed rule to implement the Cybersecurity Maturity Model Certification program.
The Defense Department has finalized a rulemaking to expand eligibility requirements for its defense industrial base information sharing program.
The American Gas Association is asking the Defense Department to consider potential avenues where contractors and subcontractors can use cyber policies at other agencies to fulfill requirements under the Cybersecurity Maturity Model Certification program.
The Information Technology Industry Council sees an opportunity for the Pentagon's Cybersecurity Maturity Model Certification program to become a standard across the federal government, according to a filing from the trade association on the first CMMC proposed rule.
The Professional Services Council is calling for the Defense Department to do further analysis on potential costs for contractors and their suppliers to comply with the Cybersecurity Maturity Model Certification program before finalizing proposed regulations.
The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program is suggesting changes to the proposed rule to implement the major initiative, including involving the Defense Department in the assessment appeals process and establishing consistency in conflict-of-interest requirements.
A coalition of industry groups led by the U.S. Chamber of Commerce is seeking flexibility when it comes to implementing requirements in the Pentagon’s Cybersecurity Maturity Model Certification program, arguing that it is needed to address compliance costs as work to finalize regulations gets underway.