DOD Proposed Rule Solidifies Plans for CMMC 2.0 Program: Security Requirements, Assessments, Affirmations, and Some Flow-Down Details

Megan Brown, Tracye Winfrey Howard, Teresita Regelbrugge, Gary Ward
Wiley Rein LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Wiley Rein LLP

WHAT: The U.S. Department of Defense (DOD) has issued a proposed rule setting forth the requirements for its long-anticipated Cybersecurity Maturity Model Certification 2.0 (CMMC) program. The proposed rule primarily addresses security, assessment, and affirmation requirements for contractors that handle federal contract information (FCI) and controlled unclassified information (CUI). The proposed rule also outlines requirements for flow-down of CMMC obligations to subcontractors.

DOD announced that there will be eight CMMC program guidance documents that further describe assessment processes and provide additional guidance for contractor compliance. We will follow up with a deeper dive into the key elements and implications of this significant proposed rule. We’ve previously covered anticipated changes from the CMMC 1.0 program here.

WHEN: DOD issued the proposed rule on December 26, 2023, with a 60-day comment period (through February 26, 2024).

[View source.]

Written by:

Wiley Rein LLP
Wiley Rein LLP
Contact
more
less

Wiley Rein LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide