The proposed rule confirms a phased rollout for CMMC compliance, expected to begin in early 2025, with all defense contracts ultimately requiring compliance across three levels.
CMMC Level 1 remains a self-assessment, while Levels 2 and 3 introduce requirements for third-party assessments to ensure effective cybersecurity practices among contractors.
The final rule aims to clarify definitions of CUI, which is essential information that CMMC seeks to protect from unauthorized access, enhancing overall data security.
Contractors will need to maintain CMMC compliance throughout the contract's life, with significant implications for contract awards based on their compliance level at the time.
[
Collection
]
[
|
...
]