It seems that we finally have a deadline for those of us who have CMMC requirements for our DoD contracts. Sounds like the deadline at this point will be May 2023, followed by a 60-day public comment period, and requirements ultimately appearing in DoD contracts by July 2023. This means that now is the time to prepare if you haven’t already!
According to the CIO of the U.S. DoD, “The Cybersecurity Maturity Model Certification (CMMC) program is aligned to DoD’s information security requirements for DIB partners. It is designed to enforce protection of sensitive unclassified information that is shared by the Department with its contractors and subcontractors. The program provides the Department increased assurance that contractors and subcontractors are meeting the cybersecurity requirements that apply to acquisition programs and systems that process controlled unclassified information.”
CMMC 1.0 guidelines were originally published in 2020. They outlined a basic framework for DoD contractors to follow and established a 5-year phase in period. After an extensive internal review, DoD refined the policy and released CMMC 2.0, which is designed to:
The CMMC 2.0 program has now refined the model and added improvements, including:
By updating and streamlining the CMMC requirements, the DoD has made it both easier for contractors to understand the guidelines and, in turn, to adhere to the requirements that CMMC 2.0 has set out to define. Because of the due diligence and effort that DoD put into the refinement of CMMC, our governmental supply chain will absolutely be safer in the future.
If your organization needs help preparing for the upcoming CMMC guidelines, Epsilon can help. Message us today to discuss the requirements you need and how to transition in time.