On Sept. 10, 2025, the Department Defense (DoD) issued a final rule amending the Defense Acquisition Regulation Supplement (DFARS) to implement the Cybersecurity Maturity Model Certification (CMMC) program for government contractors. This final rule established a November 10, 2025 go-live date for the start of phase 1 of CMMC. As we covered in our prior alerts, under the four-phased implementation approach, the focus will be on Level 1 and Level 2 self-assessments in the first year; Level 2 third-party certifications in the second year; Level 3 certifications in the third year; and all contracts and solicitations will include CMMC requirements in the fourth year.

Beginning on Nov. 10, contractors and subcontractors will see CMMC requirements in solicitations and option exercises. This GT Alert focuses on Level 1, which will apply to any contractors or subcontractors with information systems that store, process, or transmit federal contract information (FCI).

Continue reading the full GT Alert.

Tags: CMMC, government contractors, GT Insight
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Eleanor M. Ross Eleanor M. Ross

Eleanor (Elle) Ross advises government contractors from a diverse range of industries on regulatory matters including compliance with government regulations, contract disputes, defense of claims, and government investigations. She litigates bid protests before the Court of Federal Claims and the Government Accountability Office.

Eleanor (Elle) Ross advises government contractors from a diverse range of industries on regulatory matters including compliance with government regulations, contract disputes, defense of claims, and government investigations. She litigates bid protests before the Court of Federal Claims and the Government Accountability Office. She advises clients in connection with an array of agreements and multi-award procurements, including challenging award decisions in a variety of fora.

Elle also counsels clients on federal and state compliance obligations, particularly in connection with cybersecurity (including CMMC and NIST requirements) and supply chain risk management practices. She works with clients to understand government regulations and to develop compliance plans and to implement those plans. She also assists with making mandatory and voluntary disclosures to federal agencies and represented clients in subsequent investigations and administrative proceedings. She manages sanctions proceedings against contractors, including cases alleging fraud and corruption.

Elle also represents clients in commercial contract disputes, both in mediation and in federal court.

Previously, Ms. Ross was a legal consultant to World Bank Office of Suspension and Debarment, where she reviewed cross-border investigations to determine contractor compliance with World Bank regulations.

Read more about Eleanor M. RossEleanor M.'s Linkedin Profile
Show more Show less
Photo of Cassidy Kim Cassidy Kim

Cassidy Kim focuses her practice on government contracts and procurement matters. Cassidy also advises clients on cybersecurity and privacy compliance issues. She has worked with clients operating in an array of industries to navigate these sectors of the law, including providers of critical…

Cassidy Kim focuses her practice on government contracts and procurement matters. Cassidy also advises clients on cybersecurity and privacy compliance issues. She has worked with clients operating in an array of industries to navigate these sectors of the law, including providers of critical government infrastructure solutions, enterprise cloud services, EdTech, and autonomous defense systems.

Cassidy advises clients on litigating bid protests and claims involving state and federal level government procurements, including before the Government Accountability Office, U.S. Court of Federal Claims, and the California Department of General Services. She also provides industry-specific counsel on the CCPA/CPRA, GDPR, NIST, and related privacy and cybersecurity matters. Cassidy has developed consumer-facing privacy disclosures, B2B data transfer agreements, and employee compliance procedures. She has also led strategy on responses to regulatory actions and advised on supply chain risk management practices.

Prior to Greenberg Traurig, Cassidy worked as counsel at the Federal Reserve Bank of San Francisco, where she managed negotiations and provided strategic advice on San Francisco Fed and other Federal Reserve System contracts and procurement efforts across core business groups.

Read more about Cassidy Kim
Show more Show less
Photo of Olivia Bellini Olivia Bellini

Olivia Bellini is a member of the Government Contracts Practice in Greenberg Traurig’s Northern Virginia office. She litigates pre-award and post-award bid protests before the Government Accountability Office and the Court of Federal Claims. She also assists in representations involving contracts disputes, and…

Olivia Bellini is a member of the Government Contracts Practice in Greenberg Traurig’s Northern Virginia office. She litigates pre-award and post-award bid protests before the Government Accountability Office and the Court of Federal Claims. She also assists in representations involving contracts disputes, and suspensions and debarments against federal agencies.

Olivia's Linkedin Profile
Show more Show less
Related Posts
cybersecurity
Preparing for a CMMC Audit: The System Security Plan
October 22, 2025
abstract
Recapping CMMC Level 3: Considerations for Government Contractors
October 16, 2025
shutterstock_273128801
Recapping CMMC Level 2: Considerations for Government Contractors
October 13, 2025