Pentagon Releases Long-Awaited Contractor Cybersecurity Rule

The Department of Defense released the Cybersecurity Maturity Model Certification (CMMC) Rule, outlining a three-year phased rollout of cybersecurity requirements for U.S. military contractors. The framework consists of three levels of security, with vendors handling more sensitive information required to obtain certification from third-party assessors or the Defense Industrial Base Cybersecurity Assessment Center. The phased approach aims to address industry concerns about the program’s complexity and potential impact on small businesses.