Earlier this year, the Department of Defense, the General Services Administration, and NASA released a proposed rule seeking to standardize how government agencies identify controlled unclassified information (CUI) in relation to federal contracts. As the industry prepares for its implementation, there is still some confusion around the Cybersecurity Maturity Model Certification program. As quoted by National Defense Magazine, Alexander Major, Partner and Co-Chair of McCarter’s Government Contracts and Global Trade practice group, noted during a presentation organized by the National Defense Industrial Association that not all controlled unclassified information is the same. “The government and certain defense agencies or departments have a tendency to use the phrase generically, and that does them a disservice, it does CUI a disservice and it does the contractor a disservice,” Alex said.”
3.28.2025