Following several years of fits and starts, the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) Program is finally here.
On October 14, the DoD published the final rule implementing the CMMC program. Fundamentally, CMMC is a verification requirement to ensure contractors are complying with DFARS 252.204-7012 and 252.204-7020 and that the DoD has visibility into contractor cybersecurity systems. However, it adds a significant compliance burden to any organization that processes, stores, or transmits Federal Contract Information (FCI) or Controlled Unclassified Information (CUI). Over the next few years, contractors will race to implement the necessary cybersecurity controls to ensure compliance with the applicable CMMC level and, consequently, their eligibility for contract award.