Runnold Spence Jr
2025 promises to be a very busy year for the Department of Defense (DoD) and its contractors. In October 2024 the department issued a new rule implementing the Cybersecurity Maturity Model Certification (CMMC) 2.0 program, requiring contractors to implement required security measures to protect federal contract information (FCI) and controlled unclassified information (CUI).
The rule rolls out the requirements in four phases over the course of three years, setting cybersecurity standards at progressively advanced levels, depending on the type and sensitivity of the CUI/FCI held by the contractor. DoD will verify the implementation of the cybersecurity requirements.
The CMMC rule adds to the urgency of meeting the federal Zero Trust (ZT) architecture mandate and establishing strong identity controls and access management (ICAM).