The Proposed CMMC Rule Is Here: What It Means for Your Organization?

The proposed rule for the Cybersecurity Maturity Model Certification (CMMC) program was published by the Department of Defense (DoD) on December 26, 2023. The proposed rule sets forth key requirements for the CMMC 2.0 program, which primarily addresses security, assessment, and affirmations. Under CMMC 2.0, defense contractors and subcontractors that have access to controlled unclassified information (CUI) will be required to demonstrate the “maturity” of their cybersecurity programs against a set of increasingly advanced capabilities. The CMMC program is aligned with DoD’s information security requirements for Defense Industrial Base (DIB) partners.

The CMMC program is currently being implemented under a four-phased plan, which will see CMMC requirements in all solicitations for contracts involving Controlled Unclassified Information (CUI) or federal contracting information by October 1, 2026. The cost of implementing CMMC 2.0 is projected to be significantly lower relative to CMMC 1.0 because the Department intends to streamline requirements at all levels, eliminating CMMC-unique practices and maturity processes; to allow companies associated with the new Level 1 (Foundational) and some Level 2 (Advanced) acquisition programs to perform self-assessments rather than third-party assessments; and to increase oversight of the third-party assessment ecosystem.

https://www.federalregister.gov/documents/2023/12/26/2023-27280/cybersecurity-maturity-model-certification-cmmc-program

Please note that the CMMC program is a mandatory requirement for all contractors and subcontractors who handle Federal Contract Information (FCI).
