Pentagon sets start date for CMMC implementation
Briefly

"Circle Nov. 10 as when the Defense Department's new cyber and supply chain security standard for the entire industrial base starts to be implemented, almost six years after Pentagon leadership began talking about it. The final rule for the Cybersecurity Maturity Model Certification 2.0 standard went into effect in December 2024, while the next step to implement the program into contracts started Tuesday with a regulation released for public inspection."
"DOD plans to roll out the program in a four-phase process over the next three years. In the first phase starting Nov. 10, solicitations will require self-assessments at certification Levels 1 and 2 where applicable. Some Level 2 certifications will require a verification check done by a certified third-party assessor organization if the data is considered more sensitive. Any and all Level 3 applicants will require certification from the Defense Industrial Base Cybersecurity Assessment Center."
"Industry now has two months' notice before CMMC 2.0 begins to appear in DOD solicitations. CMMC 2.0 is the Pentagon's new set of requirements for companies that house controlled unclassified information or federal contract information in their systems. The release of the new 48 CFR rule indicates industry can also circle Nov. 10, 2028, as when all DOD solicitations and contracts will mandate some level of CMMC compliance for eligibility to bid for the work."
Nov. 10 marks the start of implementing CMMC 2.0 into DOD solicitations, following the final rule that took effect in December 2024. The 48 CFR amendment to the Defense Federal Acquisition Regulation Supplement gives industry two months' notice before requirements appear in contracts. CMMC 2.0 covers companies that store controlled unclassified information or federal contract information, with three certification levels based on sensitivity. DOD will roll out the program in four phases over three years. Phase one requires self-assessments for Levels 1 and 2; some Level 2 cases need third-party assessment and Level 3 requires DIBCAC certification. Full mandatory compliance begins Nov. 10, 2028.
Read at Nextgov.com