Organizations instinctively assign complete cybersecurity ownership to information technology (IT). Multifactor authentication, phishing drills, security awareness training and virtual private networks are all visible markers of a “serious” program, and they all live within the IT function.

A new survey finds two-thirds of contractors prepared for the cybersecurity certification over many years, while nearly 40% have not yet completed required self-assessments.

One week into the Pentagon’s effort to move its cybersecurity compliance program from policy to practice, adoption of the CMMC program is gaining momentum, but execution remains slow, according to a new industry survey.

This capacity bottleneck may prove more disruptive to federal contracting than any single technical control.

Pentagon Formally Rolls Out Long-Awaited Cybersecurity Requirements for Vendors

Experts told DefenseScoop that readiness gaps are fueled by CMMC’s controversial history, misconceptions of what the rule change means and challenges in proving compliance.

The Pentagon will officially launch the phased rollout of its long-awaited Cybersecurity Maturity Model Certification (CMMC) program on Nov. 10

Implementation of the Defense Department’s Cybersecurity Maturity Model Certification program is set to begin Nov. 10.

The adoption of SWFT technologies should complement Cybersecurity Maturity Model Certification efforts.

The end of fiscal 2025 on Sept. 30 will usher in a substantial change for the Department of Defense (DoD).

CMMC is not the holy grail of supply chain risk management, but it is one of the most effective tools for validating that information security vulnerabilities are being addressed, writes CMMC expert Aron Freitag.

The clock is ticking for contractors to comply with the Department of Defense’s (DoD) long-anticipated cybersecurity compliance policy.

Engage a CMMC certified professional or assessor, or at least assess your contracts and clarify CUI expectations with your contracting officer.

The Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program officially went into effect on December 16, 2024, and it kicked off with a bang.

CMMC compliance is now critical for defense contractors, with hidden cloud costs, unclear provider roles and tenant ownership risks threatening budgets and certification. Without due diligence, the cheapest CMMC cloud option can quickly become the most costly.

Dr. Thomas Graham, vice president and chief information security officer at Redspin, lays out key principles for contractors to follow in the preparation and execution of their compliance with the Cybersecurity Maturity Model Certification.

To fully appreciate the importance of Controlled Unclassified Information (CUI), it’s essential to understand its origins and significance.