In September 2025, the Department of Defense finalized DFARS updates implementing the Cybersecurity Maturity Model Certification (CMMC) program into the Federal Acquisition Regulation Supplement. Effective November 10, 2025, the rule makes both self- and third-party cybersecurity assessments contractually enforceable for defense contractors (Federal Register, 2025)….