The Pentagon's CMMC Program Takes a Big Step Forward
Source: HOLLAND&KNIGHT
The U.S. Department of Defense (DOD) issued the proposed Defense Federal Acquisition Regulation Supplement (DFARS) rules that will implement the Cybersecurity Maturity Model Certification (CMMC) program. These rules, which will be placed into all DOD contracts, will require all contractors to self-certify or obtain a third-party certification prior to beginning work on any DOD contracts. The kind of certification necessary will be dependent on the level of security necessary for the information generated or stored under the contract. Comments on the proposed rule are due on Oct. 15, 2024.
There are two sets of rules that will be utilized when the CMMC program is fully formed. The first, issued under Title 32 of the Code of Federal Regulations (CFR), establishes the CMMC program. These were initially proposed on Dec. 26, 2023, and the U.S. Office of Management and Budget (OMB) is reviewing the final regulations, with release expected before the end of the year. The second set of rules, which are the subject of this blog, are issued under Title 48 and will be placed in DOD contracts and refer back to the Title 32 rules.
If adopted as proposed, these rules will require contractors to have a current CMMC assessment at the time of award and maintain that assessment for the duration of the contract. Contractors without a required assessment will not be awarded a contract, and contractors who fail to maintain an assessment during the contract period will be subject to termination.
Click HERE for the full article.
Recent Posts
See AllSource: NATLAWREVIEW In May 2024, the US Department of Defense (DoD) published the long-awaited DoD Instruction [1] (FOCI Instruction)...
Source: SBA Starting August 1, initial applications for government contracting certifications managed by the U.S. Small Business...
Source: FNN National elections, debt limit reset, budget caps, workforce shortages and the pace of contracting are just some of the...
Comments