Defense Acquisition Regulations System November 17, 2021 – Federal Register Recent Federal Regulation Documents

Cybersecurity Maturity Model Certification (CMMC) 2.0 Updates and Way Forward
Document Number: 2021-24880
Type: Proposed Rule
Date: 2021-11-17
Agency: Defense Acquisition Regulations System, Department of Defense, Office of the Secretary
This document provides updated information on DoD's way forward for the approved Cybersecurity Maturity Model Certification (CMMC) program changes, designated as ``CMMC 2.0.'' CMMC 2.0 builds upon the initial CMMC framework to dynamically enhance Defense Industrial Base (DIB) cybersecurity against evolving threats. The CMMC framework is designed to protect sensitive unclassified information that is shared by the Department with its contractors and subcontractors and provide assurance that Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) will be protected at a level commensurate with the risk from cybersecurity threats, including Advanced Persistent Threats. Under the CMMC program, DIB contractors will be required to implement certain cybersecurity protection standards, and, as required, perform self-assessments or obtain third-party certification as a condition of DoD contract award.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.