The Department of Defense’s (DoD) is taking a supply-chain risk-management approach to improving cybersecurity. They are implementing the Cybersecurity Maturity Model Certification (CMMC), which will require DoD contractors and researchers to obtain third-party certification. This new CMMC mandate includes university-based research labs and facilities—as well as FFDRCs (Federally Funded Research and Development Centers) and UARCs (University Affiliated Research Centers)—and thus CMMC compliance needs to be a part of a higher education institution’s information security strategy.

 

Recent Spotlight

  • Hotline: Cybersecurity and Privacy | March 2026

    Hotline: Cybersecurity and Privacy | March 2026

    "Hotline: Cybersecurity and Privacy" tackles the philosophical, moral, strategic, and organizational quandaries related to higher education cybersecurity, privacy, and data. This month, Mike answers your questions about cybersecurity strategy, CMMC/CUI-compliant research computing and storage infrastructure, and the unchecked expansion of cybersecurity job responsibilities.
  • DFARS Changes to Integrate CMMC Requirements Effective November 10

    DFARS Changes to Integrate CMMC Requirements Effective November 10

    The final version of changes to defense contracting regulations implementing the Cybersecurity Maturity Model Certification Program has been released, beginning a three-year phase-in period for incorporating contractor self-assessment or third-party certification requirements in all Department of Defense contracts involving Federal Contract Information or Controlled Unclassified Information.

Browse Cybersecurity Maturity Model Certification (CMMC)