Investigations, Enforcement, & Compliance Alerts
Sort by:
2 results
October 16, 2023
|5 min read
The Department of Defense (DOD) is expected to finalize a new rule by the end of 2023 that will significantly enhance the Cybersecurity Maturity Model Certification (CMMC) framework and related cybersecurity requirements for defense contractors.
October 10, 2023
|7 min read
The National Institute of Standards and Technology (NIST) continues to update its guidance, through Special Publication 800-171 (NIST SP 800-171) on how defense contractors and subcontractors of federal agencies should protect Controlled Unclassified Information (CUI). NIST SP 800-171 revision 3, which is expected to be published in early 2024, contains significant changes from the current version (revision 2). Among many modifications, the initial public draft of revision 3, released on May 10, 2023, introduces new security controls, incorporates more detailed security requirements, and provides mechanisms for agencies to tailor their security requirements to their specific needs. These changes may require contractors currently handling CUI to review and revise their information security controls to remain in compliance with their contracts.