On September 9, the Department of War (DoW) released the final Defense Federal Acquisition Regulation Supplement (DFARS) rule implementing the Cybersecurity Maturity Model Certification (CMMC) Program as described at 32 CFR 170.3 for public inspection in the Federal Register.
The final rule will ensure DoW procurements will include CMMC assessment requirements that ensure defense contractors properly safeguard the Department’s Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).
The CMMC program will provide a consistent methodology for assessing compliance with DoW's cybersecurity requirements.
“We expect our vendors to put U.S. national security at the top of their priority list,” said Kate Arrington, performing the duties of the DoW Chief Information Officer. “By complying with cyber standards and achieving CMMC, this shows our vendors are doing exactly that.”
The Federal Register Notice is available for public inspection at the following location:
https://public-inspection.federalregister.gov/2025-17359.pdf
An introductory course about the CMMC program is available to both Government and industry students at:
https://www.dau.edu/courses/cyb-1010
Additional information on the CMMC Program can be found at:
https://dodcio.defense.gov/CMMC/