January 2025

15 Key Takeaways from Final CMMC Program Rule Issued by U.S. Department of Defense

Pratt's Government Contracting Law Report
Eric S. Crusius

Government Contracts attorney Eric Crusius wrote an article featured in Pratt's Government Contracting Law Report discussing the final Cybersecurity Maturity Model Certification (CMMC) Program Rule issued by the U.S. Department of Defense. The rule mandates third-party verification for contractors with Controlled Unclassified Information (CUI) and requires self-assessment for others with Federal Contract Information (FCI). Mr. Crusius highlights key aspects of the rule, such as implementation timing, assessment procedures and compliance expectations for small businesses and foreign companies.

READ: 15 Key Takeaways from Final CMMC Program Rule Issued by U.S. Department of Defense

Related Insights