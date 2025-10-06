The effort to implement Cybersecurity Maturity Model Certification continues to be a chief focus across the Defense Department. With the 48 CFR rule in the final stages, DoD is telling industry to expect to start seeing CMMC requirements in defense contracts in the coming months. This will mark a major milestone in federal cybersecurity enforcement. DoD will expect contractors handling Controlled Unclassified Information to provide mandatory third-party assessments under Level 2, while Level 1 remains self-attested. The Pentagon’s implementation CMMC is garnering the attention of civilian agencies too, who may want to do something similar.

At the same time, the General Services Administration is transforming the FedRAMP authorization process through its FedRAMP 20x initiative. This overhaul aims to introduce automated security validations, reduced paperwork and faster approvals for cloud services. The goal? Cut authorization timelines from years to weeks. A new pilot program is streamlining FedRAMP for AI-based cloud services, especially those offering conversational artificial intelligence for federal use.

Topics will include:

Preparing for CMMC Level 2 certification and navigating the phased rollout

Understanding the implications of the 48 CFR rule and DFARS clauses

Leveraging FedRAMP 20x for faster cloud adoption and compliance

Software attestation and Software Bill of Materials requirements

Updates to NIST 800-171 and FISMA

False Claims Act enforcement in cybersecurity

Supply chain risk management and subcontractor compliance



These cybersecurity and information protection mandates.