On Aug. 15, the U.S. Department of Defense issued a proposed rule, Assessing Contractor Implementation of Cybersecurity Requirements, which seeks to implement contractual requirements for DOD contracts related to the recently proposed Cybersecurity Maturity Model Certification 2.0 Program. As currently proposed, the rule raises serious concerns regarding a lack of clear definitions and flexibility for federal contractors on DOD projects.