Experts told DefenseScoop that readiness gaps are fueled by CMMC’s controversial history, misconceptions about what the rule change means and challenges in proving compliance.
The amendment to the Defense Federal Acquisition Regulation Supplement marks the near end of a years-long effort to enforce CMMC 2.0 cybersecurity standards for defense contractors.
The order comes after an eye-opening investigation revealed Microsoft had been relying on China-based engineers to support DOD cloud computing systems.
Michael Duffey, nominated by President Trump to be undersecretary of defense for acquisition and sustainment, testified at his confirmation hearing Thursday.
A survey conducted by Redspin found that over half of respondents did not feel prepared for CMMC's requirements, which will go into effect by mid-2025.
The Defense Department’s Cyber Crime Center announced that it is setting up an official Defense Industrial Base-Vulnerability Disclosure Program (DIB-VDP).
The Defense Industrial Base Cybersecurity Strategy outlines four goals as well as corresponding objectives that cover activities from fiscal 2024 to 2027.