Department of Defense Finalizes Rule Adding New Cybersecurity Requirements for Defense Contractors and Subcontractors
Source: JDSupra
The U.S. Department of Defense (DOD) has published a Final Rule to implement the Cybersecurity Maturity Model Certification (CMMC) program, which establishes minimum cybersecurity requirements for nearly all DOD contracts. The Final Rule is part of the DOD’s efforts to bolster the protection of sensitive information within the defense industrial base against evolving cybersecurity threats. The Final Rule is effective December 16, 2024, and will require proactive measures by contractors and subcontractors seeking to partner with the DOD.
The Final Rule will be implemented in four phases over a three-year period. Relatedly, the DFARS Proposed Rule outlines how CMMC Program requirements will be incorporated into contracts. Final comments on the DFARS Proposed Rule closed on October 15, 2024, and a Final Rule is expected in mid-2025. This will serve as the effective date for the phase-in process to begin. Once this occurs, solicitations and defense contracts that require contractors to process, store, or transmit federal contract information (FCI) or controlled unclassified information (CUI) on a non-federal system will condition contract eligibility on a contractor’s ability to meet these new requirements.
Click HERE to read the full article
Recent Posts
See AllSource: ENTREPRENEUR n Sunday, the U.S. Treasury Department announced that it would not enforce the Beneficial Ownership Information...
Source: PERKINSCOIE On February 26, 2025, President Trump issued an Executive Order (EO) calling for a sweeping review of government...
Source: AP Nearly 40% of the federal contracts that President Donald Trump’s administration claims to have canceled as part of its...
Comentários