The Department of Defense (DoD) has released the highly anticipated 48 CFR CMMC Final Rule, a pivotal moment for federal contracting. Published in the Federal Register on September 10, 2025, and effective November 10, 2025, this rule makes Cybersecurity Maturity Model Certification (CMMC) mandatory for all new DoD contracts. If you’re a defense contractor or…
Date: September 4, 2025 The Cybersecurity Maturity Model Certification (CMMC) acquisition rule—codified in 48 CFR—has officially completed regulatory review by the Office of Information and Regulatory Affairs (OIRA) on August 25, 2025. This was the final step before publication in the Federal Register, marking the point when CMMC requirements will become enforceable in Department of…
The Cybersecurity Maturity Model Certification (CMMC) Final Rule has reached the Office of Management and Budget (OMB) — the final regulatory step The long-awaited Cybersecurity Maturity Model Certification (CMMC) Final Rule has officially reached the Office of Management and Budget (OMB) for review — one of the final steps before becoming law. Publication is expected…
Role-Based Access Control (RBAC) is essential for protecting Controlled Unclassified Information (CUI) and meeting CMMC requirements. It ensures that users access only the information they need, and nothing more. Here’s how to implement RBAC effectively. 1. Define Roles by Function and CUI Access Start by mapping roles to specific job duties and the level of…
Why CUI Protection Matters for DoD Contractors If your company works with the U.S. Department of Defense or other federal agencies, protecting Controlled Unclassified Information (CUI) is not optional — it’s a compliance requirement. CUI includes sensitive information that, while not classified, must be protected from unauthorized access. Failure to manage CUI properly can lead…
What Is Controlled Unclassified Information (CUI) and Why Should You Care? In today’s digital world, data is everything. But not all data is created equal. Some types of information, while not classified, are still sensitive enough to need protection. That’s where Controlled Unclassified Information (CUI) comes in. If you’re new to cybersecurity or just trying…
Document Written on Saturday October 13, 2024, by Humberto Correa, CEO and Founder, RPO, RP, MSP, MSSP of Brea Networks, LLC. This document provides an overview of the major highlights and changes in the 32 CFR release from October 11, 2024, which is projected to take effect on December 16, 2024. We have outlined and…
Who needs CMMC certification?… By 2026, most defense contractors conducting work for the DoD – other than those managing Commercial Off The Shelf (COTS) – will need to achieve CMMC certification. The level of certification you need will depend on the requirements spelled out in your contract. 3 MAIN OBJECTIVES: Companies that have a FAR…
CMMC: What Is the Principle of Least Privilege? The principle of least privilege is one of the cornerstones of most cybersecurity frameworks, and the Cybersecurity Maturity Model Certification (CMMC) is no exception. Keep reading to learn everything about the principle of least privilege: What it is, how to implement it, and what it means for…
The release of the CMMC ruling has been release this morning December 22, 2023. Anticipation for this development has been building since 2020. It is important to note that while this is not the definitive final rule, it is a proposed final rule. The finalized version that can be incorporated into DoD contracts is…