US EditionCMMC Final Rule Published: Summit 7 Urges Defense Contractors to Prepare for Immediate Cybersecurity Contract Requirements
The Department of Defense mandates contractors achieve Cybersecurity Maturity Model Certification levels based on data sensitivity, with phased implementation starting Nov 9, 2025.
- On September 9, 2025, the U.S. Department of Defense unveiled the final Cybersecurity Maturity Model Certification 2.0 rule, effective November 10, 2025.
- The rule responds to past cyber breaches and rising threats by requiring contractors handling sensitive unclassified information to meet tiered cybersecurity standards.
- The CMMC framework defines three compliance levels based on data sensitivity, from annual self-assessments at Level 1 to mostly third-party audits at Level 2 and government-led audits at Level 3.
- Acting DoD CIO Katherine Arrington emphasized that ensuring the protection of U.S. national security is a primary obligation for vendors, which is demonstrated by their adherence to CMMC standards.
- Contracting officers must include CMMC requirements in solicitations and only award contracts to vendors with current certifications, aiming to strengthen defense supply chain security.
40 Articles
40 Articles
With CMMC rule final, DoD focused on training, small business relief
The Pentagon’s Cybersecurity Maturity Model Certification, or CMMC, requirements are set to go live in November after years of rulemaking. Defense Department officials are now rolling out acquisition training to get both government and industry up to speed on implementation of the CMMC program. DoD officials have laid out a “phased” implementation approach for the sweeping cybersecurity requirements. “We’ve done the implementation plan through t…
Bennington Banner
CMMC Final Rule Published: Summit 7 Urges Defense Contractors to Prepare for Immediate Cybersecurity Contract Requirements
HUNTSVILLE, Ala., Sept. 10, 2025 /PRNewswire/ -- The U.S. Department of War has published the long-awaited 48 CFR Final Rule, officially making the Cybersecurity Maturity Model Certification (CMMC) a binding requirement in defense contracts. This marks a watershed moment for…
DOD's CMMC final rule
Tuesday, September 9, 2025On Sept. 9, 2025 the Defense Department issued its final rule -- to be published the following day in the Federal Register -- "amending the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the final Cybersecurity Maturity Model Certification program." Featured: Related Documents Tags: Cybersecurity
Cybersecurity Maturity Model Certification (CMMC) Program Procurement Final Rule Announced
This blog post discusses the Department of Defense’s (“DoD”) new cybersecurity rule that imposes certain cybersecurity requirements on relevant DoD contractors and subcontractors. The post will be of interest to all DoD contractors, subcontractors, and possibly affiliates of contractors that may be impacted by the new rule’s cybersecurity requirements. On September 10, 2025, DoD published the final version of the Cybersecurity Maturity Model Cer…
Coverage Details
Bias Distribution
- 67% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
