CMMC Final Rule Drop
The Cybersecurity Maturity Model Certification (CMMC) Program final ruling has been dropped on the Federal Register as of today. The publication of the final ruling will be on Tuesday October 15th, 2024. The effective date that is pointed out in the final ruling is 60 days from the publication date on the Federal Register, making the effective date December 14th, 2024.
For those who are just coming into the DoD contracting world, or just learning about what CMMC is, the importance of the final rule being released is that the CMMC program is moving forward. The final rule addresses many of the comments/concerns/questions submitted when the proposed rule dropped in December of 2023. With the program moving forward, DoD contractors will need to start getting ready to complete self-assessments against different levels of cybersecurity maturity, and possibly a third-party assessment against those requirements. If an organization does not adhere to these new requirements, they could lose their ability to do contract work with the DoD.
Over the next few days, we will be analyzing the changes to the final ruling, the public comment responses, and any clarifications listed in the final rule. We will be posting a blog post next week discussing the rule as it is published along with any relevant changes and updates that we notice.
In the meantime, if you would like to read through the final ruling visit the following link:
Keep an eye out for our next post discussing the CMMC program final ruling!