CMMC 2.0 and the possibility of a cyber service: 2025 preview
2025 may be a telling year for the fate of the Pentagon's new CMMC 2.0 program.
2025 may be a telling year for the fate of the Pentagon's new CMMC 2.0 program.
Even for a political party that campaigns on cutting regulations, Pentagon and industry figures say the next Republican administration will likely weigh security over deregulation.
Drawing on Breaking Defense's TechNet Cyber 2026 coverage, this eBook examines how the Pentagon is advancing AI, cybersecurity, and cyber strategy to strengthen the future force.
CMMC 2.0 introduced a third-party assessment dependent on contractor's CUI capacity.
"We have a really a kind of crisis of cybersecurity or lack of within the defense industrial base," CyberSheath CEO Eric Noonan told Breaking Defense.
The new proposal includes new requirements for contracting officers, ensuring that parties bidding on Pentagon contracts are properly protecting sensitive information.
In this op-ed, William Greenwalt of the American Enterprise Institute lays out reasons why the DoD and Congress should move away from CMMC 2.0.
Watch experts discuss foreign influence risks, evolving DoD policy, and strategies for balancing security with scientific collaboration.
“We are moving forward, we're hoping by the first quarter of calendar year [2025] we'll be able to start enforcing this and putting this in contracts," Dave McKeown, Deputy CIO for the DoD, said.
At its most basic level, under CMMC 2.0, defense contractors and subcontractors that have access to controlled unclassified information (CUI) will be required to demonstrate the “maturity” of their cybersecurity programs against a set of increasingly advanced capabilities.