We last wrote about cybersecurity in Deal Note® 108, in February 2024, highlighting rapid changes in the U.S. Department of Defense’s (DOD) contractual cybersecurity requirements.

The final rule for the Pentagon’s Cybersecurity Maturity Model Certification 2.0 (CMMC) initiative went into effect on December 16, 2024. In 2025, CMMC 2.0 compliance will be included in all new DOD contracts. CMMC 2.0 compliance requirement levels will be set forth in each contract, based on the type and sensitivity of the information addressed in the award:

  • Level 1 – Annual self-assessment of basic security requirements.
  • Level 2 – Self-assessment or Certified Third-Party Assessment Organization (C3PAO) evaluation every three years for sensitive controlled unclassified information (CUI).
  • Level 3 – All Level 2 requirements plus triannual Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) assessment and compliance with advanced security controls.

If you, as a middle-market aerospace and defense company, are interested in bidding on DOD contracts, you will need to be able to comply with the CMMC 2.0 levels set forth in the respective contracts. If you are already CMMC compliant, you will be aware of the importance of generating cybersecurity logs, which are often referred to as a Security Information and Event Management System (SIEMS). SIEMS provide detailed logs of cybersecurity intrusions, including access points, dates, times, impacts, damages, and corrective actions.

A few years ago, buyers were only asking for SIEMS logs during due diligence in a portion of transactions. Today, we are seeing them required in every transaction. Whether you are a supplier to the DOD and are required to produce SIEMS logs as part of CMMC 2.0, or you are a commercial supplier, you will need to produce your SIEMS logs to buyers long before they will be willing to acquire your middle-market aerospace and defense company.

Accordingly, if you are considering selling in the future, you need to have a SIEMS in place and be able to produce detailed cybersecurity logs.

Have a great day,

Bill Alderman
Founding Partner