Final CMMC rule issued by Defense Department

DefenseScoop reports that the U.S. Department of Defense has unveiled its final Cybersecurity Maturity Model Certification 2.0 rule that would impose updated contractor cybersecurity standards by the middle of next year.

Included in the finalized CMMC 2.0 rule are required third-party or Defense Industrial Base Cybersecurity Assessment Center compliance evaluations of contractors dealing with sensitive data, although contractors with less sensitive information would be permitted to undergo self-assessments. Moreover, contractors failing to fulfill CMMC standards would be given conditional certification lasting six months, said the Defense Department. "The Department understands the significant time and resources required for industry to comply with DoD’s cybersecurity requirements for safeguarding CUI and is intent upon implementing CMMC requirements to assess the degree to which they have done so," said the Pentagon, which also noted the publication of the amended Defense Federal Acquisition Regulation Supplement rule, which would result in the inclusion of CMMC requirements in contracts and solicitations, by mid-2025.