On Sept. 29, 2020, the Department of Defense (DoD) issued an interim rule, Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041), that implements its "Cybersecurity Maturity Model Certification" (CMMC) program.1 While this implementing regulation has been long-awaited, it also contains an unexpected new cybersecurity assessment requirement that will be effective this coming Nov. 30. During the CMMC roll-out period, contractors not subject to the new CMMC requirement nonetheless will be required to self-assess (or have DoD assess) their current cybersecurity compliance and report that status to a DoD website prior to any new DoD contract award or DoD's exercise of any contract option or extension of contract performance.
- posted
3 years ago
formatting link