The Department of Defense is implementing new cybersecurity requirements that will affect more than 300,000 contractors—including many in Texas—who must meet stricter security standards or risk losing defense contracts, Southern Methodist University officials said in an announcement.

Texas, home to a concentration of defense manufacturers and contractors, will see “substantial impact” from the change, the Dallas university noted. Companies such as Lockheed Martin and Raytheon, along with numerous small-to-midsize suppliers, will need to align with the new requirements.

The Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the DoD to strengthen cybersecurity across all levels of defense suppliers to reduce vulnerabilities that adversaries could exploit. The latest version, CMMC 2.0, was finalized in December 2024 and is now in effect.

CMMC expert Regan Edens, co-founder and chief transformation & compliance officer at DTC Global, brings battle-tested expertise from his leadership in Special Operations and Intelligence and service as a DoD Intelligence civilian, contractor, and Army commissioned officer. [Photo: SMU]

“There is no more crucial a time in history for us to be prepared in the cybersecurity space to keep our nation safe,” Regan Edens, an SMU instructor and CMMC industry expert, said in a statement. The initiative is part of the DoD’s broader effort to establish a uniform cybersecurity baseline across all levels of its supply chain, Edens said.

The final rule establishes tiered security requirements for contractors handling Controlled Unclassified Information (CUI), which can include everything from technical documents to component schematics. Defense contractors will need to meet security benchmarks based on their level of access to controlled information, determine their compliance level, and take steps to maintain eligibility for DoD contracts.

Southwest CMMC Implementation Conference (February 19-20)

Many small and mid-sized Texas businesses lack the dedicated cybersecurity resources of larger enterprises, making CMMC compliance a challenge, SMU said. But while the requirements are strict, complying with the new standards can be a “competitive advantage” for companies in an increasingly security-conscious market.

To help businesses sort out what it means for them, SMU is hosting the Southwest CMMC Implementation Conference on February 19-20, 2025, bringing together defense industry leaders, cybersecurity experts, and compliance professionals to provide insights into the new framework.

SMU is one of only four universities nationwide recognized on the CAICO (Cybersecurity Assessor and Instructor Certification Organization) marketplace as an official provider.  SMU offers in-person and live online training to equip cybersecurity professionals with the skills needed for Certified CMMC Cybersecurity Professional (CCP) and Certified CMMC Assessor (CCA) certifications.

“SMU’s status as an approved training provider allows the university to equip professionals with the skills necessary to navigate these evolving requirements,” said Edens.

For more information and to register for the conference, visit SMU’s event page.

Don’t miss what’s next. Subscribe to Dallas Innovates.

Track Dallas-Fort Worth’s business and innovation landscape with our curated news in your inbox Tuesday-Thursday.