Description
The DoD recently published its long-awaited final rule amending the Defense Federal Acquisition Regulation Supplement to formally implement the CMMC program. The new Rule, effective Nov. 10, 2025, will be implemented over a three-year period with full implementation by Nov. 10, 2028. Once the rule is fully implemented, defense contractors will be unable to obtain a DoD contract unless they meet the requisite CMMC program requirements.
The CMMC program is designed to ensure that companies that handle federal contract information (FCI) or controlled unclassified information (CUI) are compliant with cybersecurity requirements, and the new Rule transcends the CMMC program from a policy framework into binding contractual obligations. Also, the new rule changes the current self-assessment model for certifying cybersecurity readiness to a third-party verification model that will require most defense contractors handling CUI or FCI to pass a cybersecurity assessment by a third-party assessment organization.
Noncompliance with the CMMC program will disqualify contractors from bidding on DoD contracts. Thus, it is imperative that defense contractors that process, store, or transmit federal FCI or CUI understand the key elements of the new rule to ensure they are and remain in compliance to be eligible for certain DoD contracts.
Listen as our authoritative panel reviews the new compliance obligations of the DoD's CMMC program and the implications for companies operating in the defense supply chain space.
Presented By
An expert in data privacy and cybersecurity, Mr. Danyluk guides clients through complex and evolving data privacy and cybersecurity laws and regulations. He provides proactive compliance advice to major corporations and government contractors and guides these clients through their responses to cyber incidents and ensuing investigations. Additionally, Mr. Danyluk uses his intimate knowledge of federal procurement and trade regulations, which he first developed as an Army JAG Officer, to advise government contractors on a wide variety of compliance requirements under the FAR, DFARS (including CMMC), DOJ’s Civil-Cyber Initiative, and ITAR. A member of the firm’s White-Collar Defense, Investigations & Compliance practice group, he also represents both corporate and individual clients during their most difficult times, defending and guiding them through all phases of the criminal process. Mr. Danyluk defends and counsel's clients in highly regulated industries, with a particular focus on government contractors and the defense industrial base, healthcare and pharmaceutical companies, and critical infrastructure entities.
-
This 90-minute webinar is eligible in most states for 1.5 CLE credits.
-
Date + Time
- event
Wednesday, December 10, 2025
- schedule
1:00 p.m. ET./10:00 a.m. PT
I. Background and history of the CMMC program
II. Overview of the key CMMC program requirements
III. Applicability and implications of the CMMC rule for contractors and subcontractors in the defense supply chain
IV. CMMC framework: three certification levels
V. Key compliance obligations for defense contractors and subcontractors
VI. Effective dates and three-year phased implementation
VII. Immediate steps for defense contractors to bring cybersecurity programs into compliance
VIII. Mitigating risks and future enforcement considerations
IX. Practitioner pointers and key takeaways
The panel will address these and other key considerations:
- What is the history and background of the new CMMC program?
- What are the compliance obligations and implications of the new CMMC program for DoD contractors?
- How will the new CMMC program be implemented over a three-year period?
- What steps should contractors take now to ensure CMMC compliance and to remain eligible for DoD contracts?
Related Courses
New Cybersecurity Maturity Model Certification Program: Compliance Obligations; Implications for DoD Contractors
Wednesday, December 10, 2025
1:00 p.m. ET./10:00 a.m. PT
New Amendments to Children’s Online Privacy Protection Act Rule
Available On-Demand