G-Tech Studios | Shutterstock

Last November, the Defense Department announced sweeping changes to the Cybersecurity Maturity Model Certification program in a new “version 2.0.” Although we are still awaiting the interim regulations, DOD has revealed several updates over the last few months. In its latest comments it has expressed a desire to issue the interim rule implementing CMMC 2.0 by May 2023, with initial requirements showing up in DOD contracts 60 days after the interim rule publication. DOD is also working to finalize additional guidance for identifying CUI, which has been under development for just over 18 months. In the meantime, DOD has been encouraging contractors to focus on compliance with the current requirements in the -7012 clause as well as the assessment requirements in DFARS 252.204-7019 and -7020, which DOD announced at the same time as CMMC 1.0 in September 2020.

Source: