Posts

Showing posts with the label Cybersecurity Maturity Model Certification (CMMC)

They’re Here! The Cybersecurity Maturity Model Certification Requirements for DoD Solicitations and Contracts Are Live. What Does This Mean for Your Organization?

  This alert serves to remind contractors of the much-ballyhooed Cybersecurity Maturity Model Certification (CMMC) and updates our previous articles on   the Department of Defense’s (DoD) proposed CMMC Program rule   and   DoD’s issuance of a new final rule , codified at Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7021 (contract clause) and 252.204-7025 (solicitation provision). The new DFARS rule implements the CMMC Program’s requirements into DoD contracts over the course of a three-year phase-in period. This week, as of November 10, 2025, Phase 1 of this rule’s rollout has finally become effective, with significant implications for defense contractors. As discussed in our prior articles, the new CMMC rule will apply to defense contracts involving contractor information systems handling federal contract information (FCI) or controlled unclassified information (CUI) only . There is a significant exception for contracts solely for the acquisiti...