For the third consecutive year, Hill Tech Solutions has been named one of the world's premier managed services providers on the prestigious Channel Futures NextGen 101 list!

Need IT Support?
WE CAN HELP!

It’s Happening: CMMC Rule Submitted for Final Review

Share This Post

Showing surprising speed for anything governmental, the Department of Defense (DoD) has submitted the CMMC 2.0 program rule and supporting documentation to the Office of Information and Regulatory Affairs. What that means to affected companies is that the window to achieve compliance is a shorter one than had been anticipated.

Demonstrating the urgency required by the current cybersecurity climate, DoD reviewed nearly 2,000 public comments, edited the rule accordingly, and submitted everything to OIRA in just over six months, well ahead of the typical pace for such actions.

To review, CMMC is a framework intended to protect sensitive unclassified information from the threat of cyberattacks, and from the theft of intellectual property by foreign powers. CMMC seeks to protect defense contractors and other trade partners from being potential vectors for attacks or information theft, as well as to better define the process for reporting incidents when they do occur. Defense contractors and other organizations handling federal contract information (FCI) or controlled unclassified information (CUI) must be CMMC 2.0 compliant.

The certification process is a time-consuming one (more on anticipated timelines and costs here), and those affected by the need for compliance should take note. Because of the relative speed to this last step before final publication, the time frame before compliance is necessary is relatively short.

OIRA now has 90 to 120 days to review the DoD submission, making publication likely by the end of October at the latest. From that point, there will be an interim of approximately 60 days before the final rule becomes effective. In short, compliance will be required somewhere around the time that the calendar flips to 2025, perhaps sooner.

It’s been known for some time that this new rule is pending, and many companies have already begun the compliance process. This latest development adds a new sense of urgency to those efforts.

Questions about CMMC 2.0 compliance? Contact Hill Tech Solutions.

More To Explore

Hill Tech's Technology Insights

The Kaspersky Ban – What You Should Know

You may have heard by now that the U.S. government is banning security software from Kaspersky. You may not know why, or what it means