美国国防部于2025年11月10日启动了CMMC第1阶段,要求承包商遵守网络安全标准以维持国防合同。 The U.S. DoD launched CMMC Phase 1 on Nov. 10, 2025, requiring contractors to meet cybersecurity standards to keep defense contracts.

美国国防部于2025年11月10日启动了其CMMC方案第一阶段,要求处理敏感但未分类数据的承包商达到网络安全标准。 The U.S. Department of Defense launched Phase 1 of its CMMC program on November 10, 2025, requiring contractors handling sensitive but unclassified data to meet cybersecurity standards. 第一级涉及联邦合同信息的自我验证,而第二级则涉及受管制的非机密信息,要求由经认证的评审员进行第三方评估。 Level 1 involves self-attestation for Federal Contract Information, while Level 2, for Controlled Unclassified Information, requires third-party assessments by certified assessors. 对于高风险的CUI, 需要高级保障和由DoD牵头的评价,每三年更新一次认证,三级为高风险的CUI, 要求进行高级保障和DOD领导的评价。 Level 3, for high-risk CUI, demands advanced safeguards and DoD-led evaluations, with certification renewal every three years. 300 000多名承包商可能受到影响,但现有认证评估员不足100人,从而产生了很高的需求。 Over 300,000 contractors may be affected, but fewer than 100 certified assessors are available, creating high demand. 承包者必须绘制数据地图,保护云系统,并准备成套证据。 Contractors must map data, secure cloud systems, and prepare evidence packages. 不遵守合同有失去合同的风险,不实遵守合同可能引发根据《虚假索赔法》提起法律诉讼。 Failure to comply risks losing contracts, and misrepresenting compliance may trigger legal action under the False Claims Act.