Department of Defense Finalizes Rule Adding New Cybersecurity Requirements for Defense Contractors and Subcontractors
Source: JDSupra
The U.S. Department of Defense (DOD) has published a Final Rule to implement the Cybersecurity Maturity Model Certification (CMMC) program, which establishes minimum cybersecurity requirements for nearly all DOD contracts. The Final Rule is part of the DOD’s efforts to bolster the protection of sensitive information within the defense industrial base against evolving cybersecurity threats. The Final Rule is effective December 16, 2024, and will require proactive measures by contractors and subcontractors seeking to partner with the DOD.
The Final Rule will be implemented in four phases over a three-year period. Relatedly, the DFARS Proposed Rule outlines how CMMC Program requirements will be incorporated into contracts. Final comments on the DFARS Proposed Rule closed on October 15, 2024, and a Final Rule is expected in mid-2025. This will serve as the effective date for the phase-in process to begin. Once this occurs, solicitations and defense contracts that require contractors to process, store, or transmit federal contract information (FCI) or controlled unclassified information (CUI) on a non-federal system will condition contract eligibility on a contractor’s ability to meet these new requirements.
Click HERE to read the full article
Recent Posts
See AllSource: WILEY President Trump issued several Executive Orders (EOs) on January 20, his first day in office, that will impact pending,...
Source: PBS President Donald Trump’s administration moved Tuesday to end affirmative action in federal contracting and directed that all...
Source: ClearanceJobs Navigating the world of government contracting can be complex, but fortunately, there are several podcasts that...
Comments