The publication of the final rule moves to establish the CMMC 2.0 program in federal law.

The Defense Department’s Cyber Crime Center announced that it is setting up an official Defense Industrial Base-Vulnerability Disclosure Program (DIB-VDP).

The Defense Industrial Base Cybersecurity Strategy outlines four goals as well as corresponding objectives that cover activities from fiscal 2024 to 2027.

The projections were included in a proposed rule for Cybersecurity Maturity Model Certification that was published in the Federal Register.

DIB contractors that use Microsoft cloud services may only need to meet a small portion of CMMC's 110 controls after the cloud provider passed its voluntary assessment.

The NIST standards have been part of federal law for contractors for several years, but until now, contracting officers have been "lackadaisical" about enforcing them, said the…

The Pentagon's officials overseeing the development of CMMC are planning to meet soon to address potential requirements for managed service providers under the program.

In a new report, GAO found that the DOD only met 78% of the 110 CMMC 2.0 requirements for systems that manage controlled unclassified information.

Depending on an interim rule, the Pentagon is hopeful to begin implementing CMMC controls in contracts in May 2023.

The Professional Services Council's David Berteau says that while industry waits for CMMC 2.0 rules to be issued, many contractors are already moving to come into compliance.