Another defense contractor is paying six figure fines after settling with the Department of Justice for allegedly failing to comply with DFARS clause 252.204-7012. The kicker: their own employee blew the noncompliance whistle and got a cut of penalty money. This is the fifth such settlement in 2025 and the DOJ is crystal clear that the don't discriminate just because a company is small.

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

Memo: https://dodcio.defense.gov/cmmc/Resources-Documentation/

Swiss Automation: https://www.justice.gov/opa/pr/illinois-precision-machining-company-agrees-pay-421234-resolve-alleged-false-claims-act

MORSECORP: https://www.youtube.com/watch?v=ZnePk6jaezA

Raytheon: https://www.justice.gov/opa/pr/raytheon-companies-and-nightwing-group-pay-84m-resolve-false-claims-act-allegations-relating

Aero Turbine: https://www.youtube.com/watch?v=hFEEVGXv_00

GTRC: https://www.justice.gov/opa/pr/georgia-tech-research-corporation-agrees-pay-875000-resolve-civil-cyber-fraud-litigation

DFARS 7012: https://youtu.be/cy4e28YAkXU?si=MqGKGNAHTPyvj-DI

A recent webinar from the US Army Corps of Engineers told suppliers that if they only handle paper CUI, then CMMC requirements don't apply to them. That's a significant concession to industry on par with COTS exemption and POAMs. But is this USACE flexing their discretion or are they setting up a conflict by setting policy around CMMC applicability?

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

Register for CMMC Industry Week: https://www.summit7.us/industry-week

Since the 48 CFR CMMC final rule was published in September 2025 we've seen supplier notices from Lockheed, RTX, BAE, HII, and many others. Most recently, Northrop Grumman recently published a supplier announcement titled “CMMC 2.0 is Final – Are You Ready?”. The big takeaway: don't expect CMMC waivers from your prime customers because they can't grant them to you.

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

DFARS 7012: https://youtu.be/cy4e28YAkXU?si=KvezY7Vu7zXf9qYZ

32 CFR Final rule: https://www.federalregister.gov/documents/2024/10/15/2024-22905/cybersecurity-maturity-model-certification-cmmc-program

48 CFR Final rule: https://www.federalregister.gov/documents/2025/09/10/2025-17359/defense-federal-acquisition-regulation-supplement-assessing-contractor-implementation-of

January Memo (PDF): https://dodprocurementtoolbox.com/uploads/DOPSR_Cleared_OSD_Memo_CMMC_Implementation_Policy_d26075de0f.pdf