Cybersecurity Maturity Model Certification
For Technology, AI, and Competition sector firms holding or pursuing Department of Defense contracts, Cybersecurity Maturity Model Certification is no longer a procurement footnote. The U.S. Department of Defense finalized CMMC 2.0 rules in December 2024, and the Defense Contract Management Agency now has standing authority to suspend contractors who fail third-party assessment requirements. The Office of the Under Secretary of Defense for Acquisition and Sustainment is actively phasing CMMC requirements into solicitations, which means compliance teams at technology vendors are mapping control gaps against NIST SP 800-171 before contract renewals hit.
Watch
- CMMC 2.0 final rule: phased enforcement timelines now active in DoD solicitations
- Third-party assessment organization (C3PAO) accreditation backlog creating certification delays for mid-size vendors
- Defense Contract Management Agency audit triggers for Level 2 self-attestation discrepancies
- AI-adjacent SaaS tools handling Controlled Unclassified Information face new scoping questions under current CMMC guidance
Recent material activity in Technology, AI & Competition
- NIST releases updated AI Risk Management Framework companion guide for critical infrastructure
NIST published AI RMF 1.1 companion guidance specifically addressing AI deployment in critical infrastructure sectors including energy, financial services, and healthcare. The guide introduces mandatory risk assessment c…