Cybersecurity rules for DoD contractors get expected update
NewsJanuary 04, 2024
WASHINGTON. The U.S. Department of Defense (DoD) published the anticipated updated rules for for the DoD’s Cybersecurity Maturity Model Certification (CMMC) program on December 26, 2023, after announcing nearly two years ago that CMMC 2.0 was on its way.
The new rules are a follow-on to the Cybersecurity Maturity Model Certification (CMMC), a unified standard for security introduced by the U.S. Department of Defense (DoD) that strove initially to bring about a cultural shift within engineering and test organizations.
According to a statement from the DoD, the certification program seeks to strengthen the cybersecurity of the defense industrial base by mandate; the revised parts, said Pentagon officials, will now allow self-assessment for some requirements, lay out priorities for protecting DoD information, and reinforce cooperation between the DoD and industry in addressing evolving threats.
Under CMMC 2.0, defense contractors and subcontractors that have access to controlled unclassified information (CUI) will be required to demonstrate the “maturity” of their own cybersecurity programs against a set of increasingly advanced capabilities.
Due to time line and proposed rule issues, the CMMC requirements could come online in contractor solicitations as soon as summer 2024.