<ciso brief />

All news with #cmmc tag

7 articles

UCR and Google Public Sector: Secure Enclave for Research

🔒 UCR partnered with Google Public Sector to build a Secure Enclave powered by the Stellar Engine, a preconfigured cloud container that automates and enforces rigorous security postures. Backed by Google Cloud’s accredited services and a Zero Trust architecture, the environment closes unnecessary access points and maps foundational controls for NIST SP 800-171 and CMMC Level 2. The result is reduced technical overhead for researchers, restored eligibility for sensitive federal grants, and a scalable model the university plans to share with peers.

CMMC 2.0 Compliance: Scaling Controls with AI and Automation

🔒 CMMC 2.0 requires federal contractors to demonstrate how they protect controlled unclassified information (CUI), shifting assessments from self-attestation to verified evidence. The standard prioritizes a risk-based, environment-specific approach that values documented, defensible safeguards rather than one-size-fits-all controls. That change elevates the need for clear data scoping, consistent administrative processes and reliable evidence capture. Automation and governed AI can streamline recurring reviews and produce verifiable artifacts, but only if organizations mature processes and explicitly document AI use and data flows.

ISACA Named Global CMMC Credentialing Authority by US DoD

🛡️ ISACA has been appointed by the US Department of Defense as the global credentialing authority for the CMMC program, responsible for training, examining and certifying assessors and instructors. The DoD's final CMMC rule, published on 10 September 2025 and effective 10 November 2025, initiated a three-year rollout, requiring credentials across DoD suppliers by 2028. ISACA replaces The Cyber AB as the CAICO and expects the rules to affect over 200,000 contractors worldwide, including many in Europe.

2026 NDAA: Cybersecurity Changes for DoD Mobile and AI

🛡️ The compromise 2026 NDAA sets out large new cybersecurity mandates for the Department of Defense, including contract requirements to harden mobile phones used by senior officials and enhanced AI/ML security and procurement standards. It sets timelines (90–180 days) for mobile protections and AI policies, ties requirements to industry frameworks such as NIST SP 800 and CMMC, and envisions workforce training and sandbox environments. The law also funds roughly $15.1 billion in cyber activities and adds provisions on spyware, biologics data risks, and industrial base harmonization.

AWS Landing Zone Accelerator: Universal Configuration

🔒 AWS has released the Universal Configuration, a sample security baseline for the Landing Zone Accelerator on AWS, designed to deploy a secure, multi-account environment rapidly. It encodes AWS Well‑Architected security best practices and automates hundreds of controls to accelerate compliance for regulated workloads. The release is paired with the LZA Compliance Workbook on AWS Artifact, which maps technical controls to frameworks such as NIST, ISO, HIPAA, and CMMC.

AWS Releases 2025 H1 IRAP Report for Australian Customers

🔒 AWS announced that the 2025 H1 IRAP report is now available on AWS Artifact for Australian customers. An ASD-certified IRAP assessor completed the evaluation in September 2025, and four services were newly assessed at the PROTECTED level: Amazon Application Recovery Controller, AWS Global Accelerator, Amazon Q Business, and AWS Resource Explorer. AWS also published an IRAP documentation pack aligned to ACSC guidance and the ISM (March 2025) to help customers assess and architect PROTECTED workloads. Customers can request inclusion of additional services via their AWS representatives.

Google Public Sector Achieves CMMC Level 2 Certification

🔒 Google Public Sector announced it has achieved CMMC Level 2 certification, validated by a certified third-party assessment organization (C3PAO). The certification confirms that its internal systems used to process and store Controlled Unclassified Information (CUI) meet DoD cybersecurity expectations. While the certification covers Google’s internal systems and does not extend to customer environments, Google highlights support for the Defense Industrial Base through FedRAMP-authorized cloud services and published compliance resources, including a Google Workspace CMMC Implementation Guide, to help partners accelerate their own CMMC journeys.