What’s Hot in Cybersecurity & Implications for Institutions: February 2025 Meeting

This document provides an extensive overview of emerging cybersecurity standards and regulatory changes affecting institutions, particularly focusing on the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) and the proposed updates to the HIPAA Security Rule. It outlines the historical evolution and current structure of CMMC, stressing the increasing requirements for third-party verification, significant assessment and implementation costs, and the need for institutional culture change to ensure compliance across operational, physical, and personnel domains. Additionally, it summarizes proposed enhancements to the HIPAA Security Rule, which aim to strengthen administrative, technical, and physical safeguards against cyber threats in the healthcare sector, increase accountability, expand prescriptive requirements, and extend obligations to business associates and group health plans, while also noting related implications under the forthcoming Federal Acquisition Regulation (FAR) for Controlled Unclassified Information (CUI).