The release of the CMMC ruling has been release this morning December 22, 2023. Anticipation for this development has been building since 2020. It is important to note that while this is not the definitive final rule, it is a proposed final rule. The finalized version that can be incorporated into DoD contracts is expected to be established in approximately 12-15 months. Nevertheless, it is evident that CMMC is progressing, and stakeholders are strongly encouraged to approach it with utmost seriousness.
The Department of Defense (DoD) is proposing the establishment of comprehensive and scalable assessment requirements within the framework of the Cybersecurity Maturity Model Certification (CMMC) Program. This initiative aims to ensure that defense contractors and subcontractors have implemented the necessary security measures. The intent is to extend the application of existing security requirements for Federal Contract Information (FCI) while introducing new security requirements for Controlled Unclassified Information (CUI) in specific priority programs.
Presently, the DoD mandates that covered defense contractors and subcontractors adhere to the security provisions outlined in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Rev 2. This ensures adequate security for sensitive unclassified DoD information processed, stored, or transmitted on contractor information systems. These entities are also required to document their implementation status, including any outstanding plans of action for unimplemented NIST SP 800-171 Rev 2 requirements, within a System Security Plan (SSP).
The CMMC Program serves as a mechanism for the Department to verify whether a defense contractor or subcontractor has implemented the requisite security requirements at each CMMC Level. Moreover, it ensures the continuous maintenance of this status throughout the contract period of performance, in accordance with the program’s stipulations.
#CMMC #CMMCOMPLIANCE #RPO #CMMCCONSULTANTS #ITARCONSULTANTS #NIST800-171CONSULTANTS
#MSP #MSSP #GOVCOMPLIANCE
Wishing you a joyful Christmas season!
Once it is published it will be available on this page in an official form. Until then, you can download the unpublished PDF version.
This document is unpublished. It is scheduled to be published on 12/26/2023.
Filed at: 12/22/2023 at 8:45 am
Scheduled Publication Date: 12/26/2023
Agency: Defense Department
Document Type: Proposed Rule
Document Number: 2023-27280
If you have any questions or concerns Please Contact Us!
Brea Networks, LLC
451 W. Lambert Rd Suite 214
Brea, CA 92821
Tel: (714) 592-0063