Cybersecurity Maturity Model Certification
Defense contractors operating under Department of Defense procurement rules are now navigating a phased CMMC 2.0 rollout that embeds third-party assessment requirements directly into Federal Acquisition Regulation clauses, with the Office of the Under Secretary of Defense for Acquisition and Sustainment driving implementation timelines and the Defense Contract Audit Agency positioned to scrutinize self-attestation claims. The Cybersecurity Maturity Model Certification program replaces the prior self-assessment model for many contracts, meaning compliance teams are auditing subcontractor assessment status and updating supplier agreements before CMMC conditions appear in new contract awards.
Watch
- CMMC 2.0 phased rulemaking: when Level 2 C3PAO requirements hit new solicitations
- DCAA scrutiny of Plan of Action and Milestones submissions under NIST SP 800-171
- Subcontractor flow-down obligations for CMMC Level 1 self-attestation
- DoD proposed FAR/DFARS clause revisions tying CMMC status to contract eligibility