Aerospace and Defense Insights | New DoD rules heighten cybersecurity compliance requirements

Through Aerospace and Defense Insights, we share with you the top legal and political issues affecting the aerospace and defense (A&D) industry. Our A&D industry team monitors the latest developments to help our clients stay in front of issues before they become problems, and seize opportunities in a timely manner.

On 29 September 2020, the Department of Defense (DoD) issued an interim rule amending the Defense Federal Acquisition Regulation Supplement (DFARS), Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019–D041), 85 Fed. Reg. 61,505 (29 September 2020), available here. The interim rule establishes a two-pronged approach to assess and verify the Defense Industrial Base’s (DIB) ability to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) on contractor information systems or networks based on: 

  • The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 DoD Assessment Methodology; and
  • The Cybersecurity Maturity Model Certification (CMMC) framework. 

Read More: Aerospace and Defense Insights | New Department of Defense rules significantly heighten cybersecurity compliance requirements


Authored by Stacy Hadeka, Michael Scheimer, and Michael F Mason.

Michael Mason
Washington, D.C.
Mike Scheimer
Washington, D.C.
Stacy Hadeka
Washington, D.C.


This website is operated by Hogan Lovells Solutions Limited, whose registered office is at 21 Holborn Viaduct, London, United Kingdom, EC1A 2DY. Hogan Lovells Solutions Limited is a wholly-owned subsidiary of Hogan Lovells International LLP but is not itself a law firm. For further details of Hogan Lovells Solutions Limited and the international legal practice that comprises Hogan Lovells International LLP, Hogan Lovells US LLP and their affiliated businesses ("Hogan Lovells"), please see our Legal Notices page. © 2022 Hogan Lovells.

Attorney advertising. Prior results do not guarantee a similar outcome.