Contracts
Nearly 300 comment on proposed CMMC rule
The Defense Department now has to process and respond to the comments before it issues the final version of the industry-wide rule in the fall.
Podcasts
WT 360: CMMC lessons from the voluntary assessment program
Derek Kernus explains how his company went through the Defense Department's assessment process for complying with the standards at the heart of CMMC, the rule that will lay out how contractors protect information on their systems.
Opinion
CMMC's effective date appears likely to be early 2025
The Defense Department needs to adjudicate comments and Congress needs to review the final rule on how contractors protect information before the standard takes effect.
Contracts
Experts expect some support for small businesses facing CMMC compliance
The Pentagon’s draft CMMC rule doesn’t exempt small firms from the security standards for defense contractors and subcontractors, but that doesn’t mean they won’t receive any help meeting the requirements.
Opinion
Five lessons learned as you prepare for CMMC
Cybersecurity expert Derek Kernus explains what was learned when a small business client went through a voluntary Defense Department assessment of how it protects controlled, unclassified information, meeting many of the CMMC requirements.
Podcasts
WT 360: A look inside GovCon's crystal ball for 2024
Stephanie Smith, RSM's GovCon guru and our first guest for 2024, lays out key themes and discussion points that are poised to shape the industry during this new year.
Contracts
CMMC hot take: What stands out in the draft rule
This video conversation features Matt Travis, CEO of the Cyber AB, and Eric Crusius, partner with Holland & Knight, who give their first impressions on the draft CMMC rule and where things go from here.
Opinion
Five things to remember about CMMC
The draft rule for how government contractors will protect their customers' information is long and defense as it was two years in the making, but here are five things to keep in mind in putting together your comments.
Contracts
DOD plans four-phase roll out of CMMC
The Defense Department expects companies will need two years to be fully compliant with this new standard for protecting information on their systems.
Opinion
UPDATE: CMMC's proposed rule is published
After much anticipation, the proposed new standard for the defense industrial base's overall cyber posture is available for download now.
Opinion
SBOMs are a needed ingredient but not the full recipe for software supply chain security
Validating the integrity of IT supply chains is critical to cybersecurity and includes the supply chain feeding software development.
Contracts
Small business challenges and earlier compliance lessons for CMMC
In a new set of video interviews, we explore the challenges unique to small businesses regarding CMMC and what updates to the underlying cybersecurity standard mean for compliance.
Opinion
Waiting game continues for release of draft CMMC rule
It appears the White House budget office has finished its review of the new industry-wide cybersecurity standard ahead of the final unveiling.
Contracts
Congress takes up software supply chain security
The FITARA scorecard could become a vehicle for measuring agency progress against the administration's software security goals.
Contracts
What can you do now to prepare for CMMC?
In the first of a series of videos, we talk to informed observers about what contractors should be doing ahead of the release of the CMMC draft rule and how they should approach what promises to be a massive and complex document for this new cybersecurity standard.
Contracts
A reader's guide to the upcoming draft CMMC rule
Market observers have advice on what to read and how to comment when the Defense Department releases its proposed cybersecurity rule for the industrial base.
Contracts
Fingers crossed: DOD's CMMC lead anxious for November release
The proposed final rule for the defense industrial base's new cybersecurity standard could hit the street any day.
Opinion
Demystifying the acronym soup of CMMC
To prepare for the Nov. 8 CMMC Ecosystem Summit, here is an acronym cheat sheet to follow along in the conversation about the defense industrial base's new cybersecurity standard.
Opinion
Are you seeking CMMC certification? Here's what you need to know
Ola Sage leads one of the CMMC ecosystem's assessment organizations and gives the inside word here on how contractors should move to show they are meeting this new industry-wide cybersecurity standard.
Companies