CMMC

CMMC enforcement begins with mixed industry readiness

A new survey finds two-thirds of contractors prepared for the cybersecurity certification over many years, while nearly 40% have not yet completed required self-assessments.

  • By Nick Wakeman

CMMC enforcement begins after eight years of warnings

"There is no excuse for industry to not be ready," observers say as enforcement begins.

  • By Nick Wakeman

The CMMC bottleneck: When compliance demand outpaces capacity

With only 366 certficiations completed and mandatory rollout beginning in less than two weeks, defense firms need smarter tools to meet cybersecurity requirements without breaking the bank, writes Steven Hess, CEO, Deep Fathom.

  • By Steven Hess

Risks of cyber fraud allegations remain high for companies subject to government requirements

COMMENTARY | Stricter government cybersecurity requirements present elevated risk to companies due to increased enforcement pressure and additional bases for allegations of cybersecurity fraud.

  • By Moriah Daugherty, Ryan Burnette, Ashden Fein, Susan Cassidy and Peter Hutt II

The CMMC ‘grace period’ myth could cost you your contract

Jacob Horne, chief cybersecurity evangelist at Summit 7, writes that the defense industry is wrong to believe the bedtime story about a 12-month certification delay. Here's what program manager discretion really means.

  • By Jacob Horne

Crunch time for CMMC as November deadline looms

Full implementation of the standard takes effect in a month. In the meantime, a new study shows a compliance gap that could lock unprepared contractors out of defense contracts while cyber vulnerabilities persist.

  • By Nick Wakeman
Find opportunities — and win them.
Search Federal Contracts

How failing to meet CMMC requirements can expose your supply chain vulnerabilities

CMMC is not the holy grail of supply chain risk management, but it is one of the most effective tools for validating that information security vulnerabilities are being addressed, writes CMMC expert Aron Freitag.

  • By Aron Freitag

The CMMC clock is ticking: What defense contractors need to know about compliance

With mandatory third-party audits now in effect, government contractors must act quickly to meet stricter cybersecurity standards or risk losing DoD contracts, writes Aprio’s Raj Raghavan.

  • By Raj Raghavan

Cyber champion Robert Metzger dies after cancer battle

The defense industry is mourning the loss of a legal expert, widely known as the "Godfather of CMMC," whose work on supply chain security helped shape national standards.

  • By Nick Wakeman

Katie Arrington announces she is DOD’s new CISO

Arrington, who was once accused of disclosing classified data, was a major proponent of the Cybersecurity Maturity Model Certification program used for DOD contractors.

  • By David DiMolfetta

CMMC may address today's cyber concerns but can it address future threats?

Quantum computing is on the horizon bringing with it a new set of cybersecurity challenges. Government contractors must prepare now for encryption and other concerns.

  • By Kaniah Konkoly-Thege and Ryan W. McKenney

Industry seeks more clarity on final CMMC rule

The cybersecurity certification will move forward even as companies continue to have questions about what defines controlled but unclassified information, cloud services and other requirements.

  • By Nick Wakeman
Breaking News

CMMC's final rule has now landed

Several other regulatory steps and Congress' 60-day period to review the defense industrial base's new cybersecurity standard still loom before it takes effect.

  • By Nick Wakeman
Featured eBooks
Sponsor Content

DOD unveils proposed final rule for CMMC contracting

A phased rollout of the cybersecurity standard should begin in early 2025, with varying compliance levels and increased program office discretion.

  • By Nick Wakeman

The coming cyber reckoning for federal contractors

Contractors face a 90-day deadline to prove their cybersecurity compliance as awards for the OASIS+ vehicle start to fall and that is a precursor to broader industry-wide requirements, DTS CEO Edward Tuorinsky writes.

  • By Edward Tuorinsky

5 steps to building an early advantage in CMMC

With CMMC on the horizon, Redspin's chief information security officer Thomas Graham explains the five steps organizations should take to show they are an early adopter.

  • By Thomas Graham

Why a hybrid approach can help you navigate CMMC Level 3

Blending FedRAMP High and a commercial cloud environment can be an efficient way to reach CMMC Level 3 while optimizing your security and costs, writes Andrew Bream, vice president of enterprise IT at SOSi.

  • By Andrew Bream

NIST issues new guidelines on protecting unclassified data in government systems

The framework considers the private sector’s increased role in helping the federal government in day-to-day operations and aims to reduce the risk of supply chain cyberattacks.

  • By David DiMolfetta

WT 360: Steps to take now as you prepare for CMMC

Cyber industry executive Felipe Fernandez offers insights on the actions companies should take now as the Cybersecurity Maturity Model Certification rule moves toward becoming final.

  • By Nick Wakeman

CISA rolls out secure software attestation form

A repository for software attestation submissions will be available later in March.

  • By David DiMolfetta

Nearly 300 comment on proposed CMMC rule

The Defense Department now has to process and respond to the comments before it issues the final version of the industry-wide rule in the fall.

  • By Nick Wakeman