top of page

The Pentagon's CMMC Program Takes a Big Step Forward


The U.S. Department of Defense (DOD) issued the proposed Defense Federal Acquisition Regulation Supplement (DFARS) rules that will implement the Cybersecurity Maturity Model Certification (CMMC) program. These rules, which will be placed into all DOD contracts, will require all contractors to self-certify or obtain a third-party certification prior to beginning work on any DOD contracts. The kind of certification necessary will be dependent on the level of security necessary for the information generated or stored under the contract. Comments on the proposed rule are due on Oct. 15, 2024.


There are two sets of rules that will be utilized when the CMMC program is fully formed. The first, issued under Title 32 of the Code of Federal Regulations (CFR), establishes the CMMC program. These were initially proposed on Dec. 26, 2023, and the U.S. Office of Management and Budget (OMB) is reviewing the final regulations, with release expected before the end of the year. The second set of rules, which are the subject of this blog, are issued under Title 48 and will be placed in DOD contracts and refer back to the Title 32 rules.


If adopted as proposed, these rules will require contractors to have a current CMMC assessment at the time of award and maintain that assessment for the duration of the contract. Contractors without a required assessment will not be awarded a contract, and contractors who fail to maintain an assessment during the contract period will be subject to termination.


Click HERE for the full article.

1 view0 comments

Recent Posts

See All

SBA Certification Upgrade

Source: SBA Starting August 1, initial applications for government contracting certifications managed by the U.S. Small Business...

Comments


bottom of page