CMMC is designed to ensure that defense contractors and subcontractors are compliant with existing information protection requirements for federal contract information (FCI) and controlled unclassified information (CUI) and are protecting that sensitive unclassified information at a level commensurate with the risk from cybersecurity threats, including advanced persistent threats.
The proposed rule published today revises certain aspects of the program to address public concerns in response to DoD’s initial vision for the CMMC 1.0 program, as originally published on Sep. 29, 2020. With its streamlined requirements, the CMMC program now provides for:
Simplified compliance by allowing self-assessment for some requirements
Priorities for protecting DoD information
Reinforced cooperation between the DoD and industry in addressing evolving cyber threats
As discussed in the proposed rule, CMMC requires cybersecurity assessment at only three levels, starting with basic safeguarding of FCI at CMMC Level 1.
General protection of CUI will require assessment at CMMC Level 2, and a higher level of protection against risk from advanced persistent threats will require assessment at CMMC Level 3. This rule also adds flexibility by allowing for limited use of Plans of Action and Milestones and a government waiver request process. DoD estimates overall program costs will be reduced by allowing for self-assessments for Level 1 and some Level 2 assessments and minimizing cost to industry for Level 3 assessments by having Government assessors from Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) conduct these assessments.
Additionally, CMMC aligns directly with the cybersecurity requirements described in National Institute of Standards and Technology (NIST) Special Publications 800-171 and 800-172.
A follow-on Defense Federal Acquisition Regulation Supplement (DFARS) rule for CMMC will be provided for public comment in 2024. The existing 48 Code of Federal Regulations (CFR) Rule will be modified to align with the 32 CFR rule for CMMC. More information on the timing of the proposed DFARS rule can be found at https://www.reginfo.gov/public/do/eAgendaViewRule?pubId=202310&RIN=0750-AK81.
Team Orlando News offers two options of event listings:
A complimentary event listing includes the name and date of your event, as well as a link to your event’s website. Event listings must be approved by Team Orlando News staff and are then posted on the Event page; these listings appear in date order.
A signature event listing is featured on the Events page and includes all of the above, plus a description (up to 400 characters), entry fee, where the event is located and one featured image/photo. The cost per signature listing is $150.