CMMC 2.0 Proposed Rule Released

On Dec. 26, 2023, the DoD published the much-anticipated proposed rule change for the Cybersecurity Maturity Model Certification (CMMC) program. The CMMC aims to ensure defense contractors and subcontractors are compliant with existing information protection requirements for federal contract information (FCI) and controlled unclassified information (CUI) and are protecting that sensitive unclassified information at a level commensurate with the risk from cybersecurity threats, including advanced persistent threats.

Dubbed CMMC 2.0, the proposed rule change revises certain aspects of the program to address public concerns in response to DoD's initial vision for the CMMC 1.0 program originally published on Sept. 29, 2020. The rule change is open for comment for 60 days.