Navigating DoD’s Final Cybersecurity Maturity Model Certification Program Rules

As cybersecurity enforcement continues under the False Claims Act, the latest Cybersecurity Maturity Model Certification (CMMC) update raises the stakes for defense contractors and subcontractors. Last month, the U.S. Department of Defense published a long-awaited final rule to implement the CMMC that will have far-reaching implications across the defense industrial base. Mandatory implementation begins on November 10, 2025. To help contractors navigate the new regime, this article synthesizes insights offered during a Crowell & Moring presentation on the key provisions of the new final rule (including certification and attestation requirements, assessments and implementation timelines), supply chain considerations, enforcement risk and ensuring CMMC compliance. See our two-part series on getting started with CMMC: “Understanding Goals, Requirements and Challenges” (Jan. 27, 2021), and “How to Prepare and What to Expect From the Assessment” (Feb. 3, 2021).
