The U.S. Defense Department has begun enforcing its Cybersecurity Maturity Model Certification program for defense contractors and subcontractors aimed at ensuring their capability to protect Federal Contract Information and Controlled Unclassified Information, SecurityWeek reports.Initial enforcement, which commenced on Nov. 10, mandates contractors to fulfill Level 1 and Level 2 self-assessments that gauge compliance with FCI protection and CUI safeguarding requirements, respectively. Contractors will later be compelled to accomplish third-party evaluations for Level 2 certifications for new contracts as part of the second phase of CMMC, which begins on Nov. 10, 2026.After introducing Level 3 requirements covering CUI protection against advanced persistent threats on Nov. 10, 2027, contractors will be forced to complete CMMC implementation across all contracts by Nov. 10, 2028. Secureframe CEO Shrav Mehta expressed concern about how such a "GDPR-level event" could impact subcontractors without adequate data security resources or expertise. Findings from a recent CyberSheath report also showed total CMMC readiness among only 1% of defense contractors this year.
Critical Infrastructure Security, Government security, Government Regulations
CMMC enforcement commences

(Air Force Staff Sgt. Brittany A. Chase/DoD)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



