CMMC 2.0 Details and Links to Key Resources

CMMC 2.0 Proposed Rule Released

On Dec. 26, 2023, the DoD published the much-anticipated proposed rule change for the Cybersecurity Maturity Model Certification (CMMC) program. The CMMC aims to ensure defense contractors and subcontractors are compliant with existing information protection requirements for federal contract information (FCI) and controlled unclassified information (CUI) and are protecting that sensitive unclassified information at a level commensurate with the risk from cybersecurity threats, including advanced persistent threats.

Dubbed CMMC 2.0, the proposed rule change revises certain aspects of the program to address public concerns in response to DoD's initial vision for the CMMC 1.0 program originally published on Sept. 29, 2020. The rule change is open for comment for 60 days.

Resources:

CMMC Program Information: https://dodcio.defense.gov/CMMC
DoD News Release: https://www.defense.gov/News/Releases/Release/Article/3626384/cybersecurity-maturity-model-certification-program-proposed-rule-published
CMMC Proposed Changes (Rulemaking Docket): https://www.regulations.gov/docket/DOD-2023-OS-0063
Related Comment Opportunities: DoD is also requesting comment on eight CMMC guidance documents: https://www.regulations.gov/docket/DOD-2023-OS-0096, and several new information collections, which are available at https://www.regulations.gov/docket/DOD-2023-OS-0097
|
Defense Federal Acquisition Regulation Supplement (DFARS) Rule for CMMC: The existing 48 Code of Federal Regulations (CFR) Rule will be modified to align with the 32 CFR rule for CMMC in 2024 https://www.reginfo.gov/public/do/eAgendaViewRule?pubId=202310&RIN=0750-AK81.
CMMC 1.0 (interim DFARS rule 2019-D041) Assessing Contractor Implementation of Cybersecurity Requirements: https://www.federalregister.gov/documents/2020/09/29/2020-21123/defense-federal-acquisition-regulation-supplement-assessing-contractor-implementation-of
Project Spectrum published an initial assessment of "What You Need to Know" about CMMC 2.0: https://www.projectspectrum.io/#/blogdetail?id=762c98fc-db89-44b4-88ce-87c910c998ac