DOD Proposed Rule Solidifies Plans for CMMC 2.0 Program: Security Requirements, Assessments, Affirmations, and Some Flow-Down Details

December 27, 2023

WHAT: The U.S. Department of Defense (DOD) has issued a proposed rule setting forth the requirements for its long-anticipated Cybersecurity Maturity Model Certification 2.0 (CMMC) program. The proposed rule primarily addresses security, assessment, and affirmation requirements for contractors that handle federal contract information (FCI) and controlled unclassified information (CUI). The proposed rule also outlines requirements for flow-down of CMMC obligations to subcontractors.

DOD announced that there will be eight CMMC program guidance documents that further describe assessment processes and provide additional guidance for contractor compliance. We will follow up with a deeper dive into the key elements and implications of this significant proposed rule. We’ve previously covered anticipated changes from the CMMC 1.0 program here.

WHEN: DOD issued the proposed rule on December 26, 2023, with a 60-day comment period (through February 26, 2024).
