by Beth Burgin Waller, Anthony Mazzeo, and Patrick Austin
Left to right: Beth Burgin Waller, Anthony Mazzeo, and Patrick Austin. (photos courtesy of authors)
If you work for a defense contractor or subcontractor responsible for handling controlled unclassified information (CUI) and/or federal contract information (FCI), the U.S. Department of Defense posted the final rule for the highly anticipated Cybersecurity Maturity Model Certification 2.0 program (CMMC 2.0 or the Final Rule). Issuance of the Final Rule (full text available here in PDF format) likely means DoD will begin implementing new, stringent cybersecurity standards for defense contractors at some point in early-to-mid 2025.