2022 Year End CMMC Program Status Update

2022 saw a lot of changes to the CMMC program, and even to the government’s approach to supply chain cybersecurity. In this post, we summarize some of the key DoD-related changes in an effort to help contractors understand what they will likely encounter in 2023.

CUI and Contractor Cybersecurity Obligations Decision Trees

Are you looking for a straightforward way to understand what is/isn’t likely to be Controlled Unclassified Information (“CUI”)? Is your prime/mid-tier contractor asking you for copies of your System Security Plan (“SSP”), Plan of Action and Milestones (“POA&M”), 800-171 assessment results, or other information when you didn’t even realize you needed them? We have added CUI and cybersecurity obligation decision trees to the CMMC Information Institute’s collection of free tools. We are also hosting an event on May 7, 2021 at 11:00 AM to discuss the decision trees and help take the mystery out of CUI.