On January 15, 2025, the FAR Council released a proposed rule (FAR CUI Rule) that would amend the FAR to implement federal government-wide Controlled Unclassified Information (CUI) cybersecurity, training, and incident reporting requirements for government contractors and subcontractors. The rule’s key cybersecurity requirements closely mirror the Department of Defense’s Cyber Maturity Model Certification (CMMC) program (for example, compliance with National Institute of Standards and Technology Special Publication 800-171, Revision 2), but broaden the scope to include contractors and subcontractors working across all federal agencies. The Rule is intended to standardize the handling of CUI by federal government contractors and subcontractors in accordance with Executive Order 13556, including by:Continue Reading Cyber For All: Proposed Rule Introduces Government-Wide CUI Cybersecurity Requirements

Jasmine Masri
Jasmine Masri is an associate in Crowell & Moring’s Government Contracts and International Trade groups. Jasmine focuses her practice on global compliance issues, regulatory enforcement matters, and government investigations. Through her practice, Jasmine provides counsel on a variety of matters at the intersection of government contracts and international trade, including cross-border government procurement, economic sanctions, and export controls.
Contact:Read more about Jasmine Masri