October is Cybersecurity Awareness Month. 2025 has been a year sprinkled with updates to security needs across federal agencies, with new rules and enforcement attempting to reshape how IT vendors and partners engage with the government. Here’s the most prominent Need to Know topics and insights across the space, starting with CMMC.

CMMC 2.0

The Department of Defense is set to begin enforcing the Cybersecurity Maturity Model Certification (CMMC) regulations on November 10, 2025.

Cybersecurity Maturity Model Certification (CMMC) 2.0 is here. If your company is not prepared, the time to get ready is now, or your company may risk losing business with the Department of Defense (DoD).

The CMMC program requires cyber protection standards for companies in the Defense Industrial Base (DIB) and aims to protect sensitive unclassified information that the DoD shares with contractors and subcontractors.

In a Department of Defense (DoD) Town Hall held on February 10, led by David McKeown, DoD’s Senior Information Security Officer and Deputy CISO, we heard some news about CMMC. Defense contractors holding Controlled Unclassified Information (CUI) will need a third-party assessment to obtain certification.

If your business sells products or provides services to the Department of Defense (DoD), then you should know about the Cybersecurity Maturity Model Certification (CMMC) program. 

DoD has recently incorporated CMMC requirements into the Defense Federal Acquisition Regulation Supplement (DFARS Case 2019–D041, available here https://bit.ly/30LXAeE).  The rule change is currently open for public comment, and I urge all interested parties to read it and provide input.  

In previous years you would have ventured to our nation’s Capital to take part in the AWS Public Sector Summit. This year’s event – as you could imagine – was a virtual experience. Although I and my fellow DLT colleagues wished we could have been there in person, we really enjoyed our time at this year’s Summit. Much like what has been the theme of 2020, AWS had to adapt and innovate to these unprecedented times. They certainly rose to the occasion and put together a unique and valuable experience for their attendees.

Last week, my associate, Shane Rogers, shared an article on GovCybersecurityHub discussing the Cybersecurity Maturity Model Certification (CMMC) and its potential impact on small- and medium-sized government contractors.

2019 has ended with more uncertainty than normal—even than the federal government is used to. Last year at this time, of course, Christmas brought the advent of a record-long lapse in appropriations for about half the departments and agencies. The exceptions of Homeland Security, Defense and Veterans Affairs kept IT dollars flowing, but the partial shutdown left its mark nonetheless.

The ugly impeachment process working its way down the hall from the house to the Senate might be a psychic distraction but will have no effect on IT procurement.