The Department of War (DoW) has released the final Defense Federal Acquisition Regulation Supplement (DFARS) rule that implements the Cybersecurity Maturity Model Certification (CMMC) Program. The announcement, made on September 9, states that the rule is now available for public inspection in the Federal Register at https://public-inspection.federalregister.gov/2025-17359.pdf.
According to the DoW, this new rule will require defense contractors to meet CMMC assessment requirements as part of procurement processes. These assessments are designed to ensure that contractors protect both Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).
The CMMC program aims to establish a uniform approach for evaluating compliance with cybersecurity standards set by the DoW. An introductory course on the CMMC program is accessible for government and industry participants through https://www.dau.edu/courses/cyb-1010.
Kate Arrington, who is performing the duties of Chief Information Officer at DoW, said: “We expect our vendors to put U.S. national security at the top of their priority list. By complying with cyber standards and achieving CMMC, this shows our vendors are doing exactly that.”
Further details about the CMMC Program can be found at https://dodcio.defense.gov/CMMC/.
