Opinion
The real reason CMMC costs are shocking companies
It's not the certification. It's the years of delayed compliance finally coming due, writes Redspin’s Thomas Graham.
Contracts
Army's NCODE pilot takes shape with eight-company cyber pool
The $49 million contract gives defense small businesses a secure, Pentagon-funded cloud environment to work on CMMC and other security requirements.
Opinion
FedRAMP and CMMC compliance deadlines are looming
Federal contractors have less than six months to get their cybersecurity houses in order — or risk losing access to government work, writes immixGroup’s Amanda Mull.
Opinion
Stop trying to prevent every cyberattack. Start planning to survive one.
Iran-linked intrusions targeting defense software suppliers are a wake-up call for agencies and contractors, writes Gary Barlet, public sector CTO at Illumio.
Opinion
What you need to know about GSA's new CUI security framework
The implications of GSA's new IT security guidance are significant and is a different approach to protecting controlled unclassified information than DOD's CMMC standard, writes Summit7's Jacob Horne.
Opinion
The CMMC compliance gap is now a competitive risk
As enforcement ramps up and primes tighten supplier requirements, contractors face a choice: prepare now or lose access to DOD work.
Contracts
CMMC enforcement begins with mixed industry readiness
A new survey finds two-thirds of contractors prepared for the cybersecurity certification over many years, while nearly 40% have not yet completed required self-assessments.
Contracts
CMMC enforcement begins after eight years of warnings
"There is no excuse for industry to not be ready," observers say as enforcement begins.
Opinion
The CMMC bottleneck: When compliance demand outpaces capacity
With only 366 certficiations completed and mandatory rollout beginning in less than two weeks, defense firms need smarter tools to meet cybersecurity requirements without breaking the bank, writes Steven Hess, CEO, Deep Fathom.
Opinion
Risks of cyber fraud allegations remain high for companies subject to government requirements
COMMENTARY | Stricter government cybersecurity requirements present elevated risk to companies due to increased enforcement pressure and additional bases for allegations of cybersecurity fraud.
Opinion
The CMMC ‘grace period’ myth could cost you your contract
Jacob Horne, chief cybersecurity evangelist at Summit 7, writes that the defense industry is wrong to believe the bedtime story about a 12-month certification delay. Here's what program manager discretion really means.
Companies
Crunch time for CMMC as November deadline looms
Full implementation of the standard takes effect in a month. In the meantime, a new study shows a compliance gap that could lock unprepared contractors out of defense contracts while cyber vulnerabilities persist.
Opinion
How failing to meet CMMC requirements can expose your supply chain vulnerabilities
CMMC is not the holy grail of supply chain risk management, but it is one of the most effective tools for validating that information security vulnerabilities are being addressed, writes CMMC expert Aron Freitag.
Opinion
The CMMC clock is ticking: What defense contractors need to know about compliance
With mandatory third-party audits now in effect, government contractors must act quickly to meet stricter cybersecurity standards or risk losing DoD contracts, writes Aprio’s Raj Raghavan.
Companies
Cyber champion Robert Metzger dies after cancer battle
The defense industry is mourning the loss of a legal expert, widely known as the "Godfather of CMMC," whose work on supply chain security helped shape national standards.
Katie Arrington announces she is DOD’s new CISO
Arrington, who was once accused of disclosing classified data, was a major proponent of the Cybersecurity Maturity Model Certification program used for DOD contractors.
Opinion
CMMC may address today's cyber concerns but can it address future threats?
Quantum computing is on the horizon bringing with it a new set of cybersecurity challenges. Government contractors must prepare now for encryption and other concerns.
Contracts
Industry seeks more clarity on final CMMC rule
The cybersecurity certification will move forward even as companies continue to have questions about what defines controlled but unclassified information, cloud services and other requirements.
Breaking News
Contracts
CMMC's final rule has now landed
Several other regulatory steps and Congress' 60-day period to review the defense industrial base's new cybersecurity standard still loom before it takes effect.
Contracts