In a Department of Defense (DoD) Town Hall held on February 10, led by David McKeown, DoD’s Senior Information Security Officer and Deputy CISO, we heard some news about CMMC. Defense contractors holding Controlled Unclassified Information (CUI) will need a third-party assessment to obtain certification.

Another month, another regulation deadline to comply with. But this time, it’s defense contractors who are in the hot seat.

To safeguard defense information in non-federal systems and organizations, U.S. defense contractors and soon all federal agencies, must meet the DFARS 7012 mandate and implement all of the requirements of NIST Special Publication 800-171 Protecting Controlled Unclassified Information (CUI).

Time is running out for federal contractors to comply with the Federal Controlled Unclassified Information (CUI) Program.

What does the CUI Program mean to contractors?

As of December 31, 2017, all federal contracts will require that businesses contracting with the federal government must comply with the Federal CUI rule (32 CFR Part 2002) which strives to eliminate ad-hoc policies and markings that agencies and departments apply to unclassified information that requires safeguarding or dissemination controls.