Posts

Showing posts with the label defense contractors

They’re Here! The Cybersecurity Maturity Model Certification Requirements for DoD Solicitations and Contracts Are Live. What Does This Mean for Your Organization?

  This alert serves to remind contractors of the much-ballyhooed Cybersecurity Maturity Model Certification (CMMC) and updates our previous articles on   the Department of Defense’s (DoD) proposed CMMC Program rule   and   DoD’s issuance of a new final rule , codified at Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7021 (contract clause) and 252.204-7025 (solicitation provision). The new DFARS rule implements the CMMC Program’s requirements into DoD contracts over the course of a three-year phase-in period. This week, as of November 10, 2025, Phase 1 of this rule’s rollout has finally become effective, with significant implications for defense contractors. As discussed in our prior articles, the new CMMC rule will apply to defense contracts involving contractor information systems handling federal contract information (FCI) or controlled unclassified information (CUI) only . There is a significant exception for contracts solely for the acquisiti...

DoD Finalizes Cybersecurity Maturity Model Certification Rule: What Defense Contractors Need to Know

Image
On September 10, 2025, the U.S. Department of Defense (DoD) published a  final rule  that will shake up cybersecurity compliance for DoD contractors. T he new rule formally incorporates the Cybersecurity Maturity Model Certification (CMMC) program into nearly all DoD contracts through the Defense Federal Acquisition Regulation Supplement (DFARS) . This move has far-reaching implications for employers across the defense industrial base. Quick Hits Beginning November 2025, the DoD will issue contracts requiring contractors to comply with CMMC cybersecurity standards and conduct third-party or self-assessments, depending on the sensitivity of the information they handle. In addition to achieving and maintaining the CMMC level specified in each solicitation or contract, the final rule will require contractors to flow down the appropriate requirements to subcontractors, and to document and publish the results of assessments. While the rule will be phased in over three years, emplo...

What Contractors Need to Know About DoD’s New IP Guidebook

Earlier this year, the Department of Defense (DoD) published an “Intellectual Property Guidebook for DoD Acquisition.” It is the culmination of many years of work and the most insightful data rights guidance out of the Department in at least two decades . Private practitioners may not agree with every characterization of the law and data rights regulations, but the IP Guidebook is particularly commendable for its transparency into DoD’s strategic framework for IP negotiations . Although written for government acquisition professionals, it should be mandatory reading for anyone delivering proprietary technology to DoD or defense contractors. Here are a few key takeaways for contractors: 1. Expect More “Use Case” and “VATEP” Solicitations. DoD’s IP strategy is built largely around the ideal of competitive, interest-based negotiations early in the acquisition lifecycle. [1]  To facilitate such negotiations, DoD has experimented in recent years with different solicitation criteria enco...