It's about to get a lot harder for private companies that are lax on cybersecurity to get a contract with the Pentagon, as the Defense Department has finalized a rule requiring contractor compliance with its Cybersecurity Maturity Model Certification (CMMC) program.

The final rule, which was released as a preview ahead of its formal publication in the Federal Register on Wednesday, will go into effect on November 9. After that point, all vendors who contract with the DoD (known as the defense industrial base (DIB)) will need to meet one of three levels of CMMC compliance, depending on the sensitivity of unclassified information they handle, in order to be eligible for award consideration once the rule is phased in.

CMMC requirements include limiting access to sensitive data, authenticati

See Full Page