CMMC

Katie Arrington announces she is DOD’s new CISO

Arrington, who was once accused of disclosing classified data, was a major proponent of the Cybersecurity Maturity Model Certification program used for DOD contractors.

  • By David DiMolfetta

CMMC may address today's cyber concerns but can it address future threats?

Quantum computing is on the horizon bringing with it a new set of cybersecurity challenges. Government contractors must prepare now for encryption and other concerns.

  • By Kaniah Konkoly-Thege and Ryan W. McKenney

Industry seeks more clarity on final CMMC rule

The cybersecurity certification will move forward even as companies continue to have questions about what defines controlled but unclassified information, cloud services and other requirements.

  • By Nick Wakeman
Breaking News

CMMC's final rule has now landed

Several other regulatory steps and Congress' 60-day period to review the defense industrial base's new cybersecurity standard still loom before it takes effect.

  • By Nick Wakeman

DOD unveils proposed final rule for CMMC contracting

A phased rollout of the cybersecurity standard should begin in early 2025, with varying compliance levels and increased program office discretion.

  • By Nick Wakeman

The coming cyber reckoning for federal contractors

Contractors face a 90-day deadline to prove their cybersecurity compliance as awards for the OASIS+ vehicle start to fall and that is a precursor to broader industry-wide requirements, DTS CEO Edward Tuorinsky writes.

  • By Edward Tuorinsky
Find opportunities — and win them.
Search Federal Contracts

5 steps to building an early advantage in CMMC

With CMMC on the horizon, Redspin's chief information security officer Thomas Graham explains the five steps organizations should take to show they are an early adopter.

  • By Thomas Graham

Why a hybrid approach can help you navigate CMMC Level 3

Blending FedRAMP High and a commercial cloud environment can be an efficient way to reach CMMC Level 3 while optimizing your security and costs, writes Andrew Bream, vice president of enterprise IT at SOSi.

  • By Andrew Bream

NIST issues new guidelines on protecting unclassified data in government systems

The framework considers the private sector’s increased role in helping the federal government in day-to-day operations and aims to reduce the risk of supply chain cyberattacks.

  • By David DiMolfetta

WT 360: Steps to take now as you prepare for CMMC

Cyber industry executive Felipe Fernandez offers insights on the actions companies should take now as the Cybersecurity Maturity Model Certification rule moves toward becoming final.

  • By Nick Wakeman

CISA rolls out secure software attestation form

A repository for software attestation submissions will be available later in March.

  • By David DiMolfetta

Nearly 300 comment on proposed CMMC rule

The Defense Department now has to process and respond to the comments before it issues the final version of the industry-wide rule in the fall.

  • By Nick Wakeman

WT 360: CMMC lessons from the voluntary assessment program

Derek Kernus explains how his company went through the Defense Department's assessment process for complying with the standards at the heart of CMMC, the rule that will lay out how contractors protect information on their systems.

  • By Nick Wakeman
Featured eBooks

CMMC's effective date appears likely to be early 2025

The Defense Department needs to adjudicate comments and Congress needs to review the final rule on how contractors protect information before the standard takes effect.

  • By Nick Wakeman

Experts expect some support for small businesses facing CMMC compliance

The Pentagon’s draft CMMC rule doesn’t exempt small firms from the security standards for defense contractors and subcontractors, but that doesn’t mean they won’t receive any help meeting the requirements.

  • By Edward Graham

Five lessons learned as you prepare for CMMC

Cybersecurity expert Derek Kernus explains what was learned when a small business client went through a voluntary Defense Department assessment of how it protects controlled, unclassified information, meeting many of the CMMC requirements.

  • By Derek Kernus

WT 360: A look inside GovCon's crystal ball for 2024

Stephanie Smith, RSM's GovCon guru and our first guest for 2024, lays out key themes and discussion points that are poised to shape the industry during this new year.

  • By Ross Wilkers

CMMC hot take: What stands out in the draft rule

This video conversation features Matt Travis, CEO of the Cyber AB, and Eric Crusius, partner with Holland & Knight, who give their first impressions on the draft CMMC rule and where things go from here.

  • By Nick Wakeman

Five things to remember about CMMC

The draft rule for how government contractors will protect their customers' information is long and defense as it was two years in the making, but here are five things to keep in mind in putting together your comments.

  • By Nick Wakeman

DOD plans four-phase roll out of CMMC

The Defense Department expects companies will need two years to be fully compliant with this new standard for protecting information on their systems.

  • By Nick Wakeman

UPDATE: CMMC's proposed rule is published

After much anticipation, the proposed new standard for the defense industrial base's overall cyber posture is available for download now.

  • By Nick Wakeman