On October 15, 2024, the U.S. Department of Defense (DoD) released its final rule to establish the Cybersecurity Maturity Model Certification (CMMC) Program (Final CMMC Program Rule). The CMMC Program allows the DoD to verify that defense prime contractors and subcontractors (defense contractors) have implemented security safeguards for Federal Contract Information (FCI) and Controlled Unclassified … Continue Reading
On August 15, 2024, the US Department of Defense (DoD) published a proposed rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS) in order to implement the Cybersecurity Maturity Model Certification (CMMC) program. DoD is executing a phased rollout of CMMC, and the August 2024 proposed rule is the second proposed rule DoD has … Continue Reading
On January 31, 2024, the Department of Defense (DOD) released an update to the Chinese Military Company (CMC) List in accordance with Section 1260H of the National Defense Authorization Act (NDAA) for Fiscal Year 2021. DOD added sixteen entities to the 1260H CMC List and removed three previously designated entities that no longer met “some … Continue Reading
Protection of the Defense Industrial Base (DIB) from the growing panoply of cybersecurity threats has been a consistent point of emphasis for senior Department of Defense (DOD) officials during the Trump Administration. The DOD took a significant step toward addressing that concern on January 31, 2020 with the release of Version 1.0 of the Cybersecurity … Continue Reading
Government contractors that hold a facility security clearance (FCL) must have a written program in place no later than November 30, 2016 to begin implementing insider threat requirements published by the Department of Defense (DoD) in Change 2 to DoD 5220.22-M, National Industrial Security Program Operating Manual (NISPOM). In particular, on May 18, 2016, the … Continue Reading