Contractors chasing certification often risk overspending or over-securing. Virtru’s Trevor Foskett explains why data-focused strategies help meet requirements and keep small businesses in the game.
Experts told DefenseScoop that readiness gaps are fueled by CMMC’s controversial history, misconceptions of what the rule change means and challenges in proving compliance.
Soldiers gather during a promotion and reenlistment ceremony outside Army Counterintelligence Command headquarters, July 14, 2025, Fort George G. Meade, Maryland. (Photo by Adam Lowe, DVIDS)
The amendment to the Defense Federal Acquisition Regulation Supplement marks the near end of a years-long effort to enforce CMMC 2.0 cybersecurity standards for defense contractors.
WASHINGTON, DC – FEBRUARY 25: Stephen Feinberg, U.S. President Donald Trump’s nominee to be Deputy Secretary of Defense, testifies during his Senate Armed Services Committee confirmation hearing in the Dirksen Senate Office Building on February 25, 2025 in Washington, DC. Feinberg, businessman and CEO of Cerberus Capital Management, served as the head of President Trump’s Intelligence Advisory Board in Trump’s term. (Photo by Win McNamee/Getty Images)
(Screenshot of Michael Duffey, President Donald Trump’s nominee to be undersecretary of defense for acquisition and sustainment, testifying at his confirmation hearing with the Senate Armed Services Committee, March 27, 2025)
Michael Duffey, nominated by President Trump to be undersecretary of defense for acquisition and sustainment, testified at his confirmation hearing Thursday.
A survey conducted by Redspin found that over half of respondents did not feel prepared for CMMC's requirements, which will go into effect by mid-2025.
The framework will require defense contractors working with controlled unclassified information (CUI) or federal contract information (FCI) to meet one of three levels of CMMC compliance, depending…