Saturday, October 4, 2025
The Aerospace Industries Association is asking the Defense Department to provide information on how it will address flow-down requirements and the roles and responsibilities for primes and subcontractors, in response to the first proposed rule for the Pentagon's Cybersecurity Maturity Model Certification program.
A coalition representing large defense and tech groups is asking the Defense Department to provide clarity on marking controlled unclassified information, defining responsibilities in contracts and flexibility on addressing assessment gaps, in formal comments on the first proposed rule for the Pentagon's Cybersecurity Maturity Model Certification program.
The Pentagon's Cybersecurity Maturity Model Certification program enters a new stage this week with the end of the public comment period for a massive, proposed rulemaking that sets up parameters to implement the long-awaited initiative.
The Defense Department is limiting its engagement plans to an "informational" video for the first rulemaking under the Pentagon's Cybersecurity Maturity Model Certification program in advance of the Feb. 26 comment deadline, according to a Federal Register notice published today.
Pentagon officials are providing an overview of major ecosystem components and upcoming regulations for the Cybersecurity Maturity Model Certification program in a new recorded video posted in advance of a Feb. 26 public comment deadline for the first rulemaking and eight draft guidance documents.
The Defense Department is turning down a request from industry groups to extend the comment period for its long-awaited proposed rule to implement the Cybersecurity Maturity Model Certification program, according to a Pentagon spokesperson.
A coalition representing major defense associations and government contractors is asking the Defense Department to extend the comment period for a proposed rule to implement the Pentagon's cyber certification program, in a new letter highlighting three public comment periods for cyber rulemakings that closed last week.
The Energy Department has published a guide comparing its voluntary maturity model for developing cybersecurity plans to the Pentagon's upcoming program for defense contractors who are handling sensitive government data on nonfederal systems.
The accreditation body behind the Pentagon's Cybersecurity Maturity Model Certification program plans to release a new draft of its assessment process guide, known as "the CAP," for public comment before the Defense Department completes its rulemaking efforts to finalize the program, according to CEO Matthew Travis.
The Aerospace Industries Association is advocating for the Defense Department's Cybersecurity Maturity Model Certification program to be used by civilian agencies, as part of an effort to address "ambiguity" over sensitive information held by contractors and create synergies.
The Information Technology Industry Council anticipates details on incorporating acquisition requirements for contractors under the Pentagon's Cybersecurity Maturity Model Certification program will come in the next rulemaking for the initiative, which will focus on making changes to the Defense Department's acquisition regulations.
The Professional Services Council is supportive of the Pentagon's plans to allow self assessment for less sensitive information held by defense contractors under the Cybersecurity Maturity Model Certification program, while recognizing that contracting officers could still decide to choose a higher level of security than needed to ensure adequate protection of the information on nonfederal systems.
The Defense Department is asking for input on the process to report assessment results under its Cybersecurity Maturity Model Certification program and proposed parameters to address potential gaps.
The Defense Department has issued a memorandum on equivalency for cloud service offerings between the General Services Administration’s Federal Risk and Authorization Management Program and the Pentagon's cyber certification program.
The Pentagon’s proposed rule to implement the Cybersecurity Maturity Model Certification program details the role, expectations and tasks for the accreditation body responsible for building out on the major Defense Department initiative's assessment ecosystem.
The Defense Department provides a rundown of how its proposed rule addresses small business concerns over the Cybersecurity Maturity Model Certification program, as part of a detailed breakdown of comments received on the 2020 interim final rule.
The Defense Department has revealed its plans to revamp the Cybersecurity Maturity Model Certification program in guidance documents offering an official preview on changes to the model, assessment and scoping requirements as well as the process for submitting results to the Pentagon.
A recent report commissioned by the Air Force Research Laboratory dives into how addressing cyber risks differs from other supply chain risk management issues and provides recommendations on how to take a "comprehensive approach" in addressing their needs together.
Details on the assessment process, ecosystem roles, scoping requirements and more can be found in the Defense Department proposed rule published this week for the Cybersecurity Maturity Model Certification program.
Two trade associations representing companies in the defense industrial base are raising concerns over the potential for burdensome regulation following the introduction of a massive Defense Department proposed rule to implement the major revamp of the Cybersecurity Maturity Model Certification program.