Alert February 22, 2024

DOD Publishes Video Overview of CMMC Program and Logistics

February 22, 2024

WHAT: On February 16, 2024, the U.S. Department of Defense (DOD) posted a 40-minute video overview of DOD’s proposed requirements for the Cybersecurity Maturity Model Certification (CMMC) program. The video is available here, and there is an accompanying notice in the Federal Register with a link to the video. As many contractors get ready to work with and use the CMMC program, any guidance from the government may help them understand compliance challenges.

The video discusses the proposed rule that DOD published on December 26, 2023, which outlines the CMMC program’s security, assessment, and affirmation requirements for contractors that handle federal contract information and controlled unclassified information. Comments on the proposed rule are still due by February 26, 2024. We previously summarized the proposed rule here.

WHAT DOES THIS MEAN FOR INDUSTRY: DOD released the video to “improve understanding of the proposed CMMC requirements and increase impact of the public comment period.” If you have been following the CMMC program over the last few years, you’ll already be familiar with the main points DOD emphasized throughout the video.

  • DOD will use the CMMC program to verify contractor compliance with existing cybersecurity requirements.
  • DOD is implementing the CMMC program through two related rulemakings: (1) a “program rule” will amend Title 32 of the Code of Federal Regulations (this is what DOD proposed on December 26, 2023), and (2) an “acquisition rule” will amend the DFARS, which appears in Title 48 of the Code of Federal Regulations (this remains pending in DFARS Case 2019-D041).
  • DOD intends to publish a proposed version of the acquisition rule “this year.”
  • DOD plans to synchronize the effective dates for the program rule and the acquisition rule so that both become final and effective at the same time.
  • DOD will begin the four-phase implementation period only after both rules are effective.
  • DOD aims to begin this implementation process by FY 2025, the same fiscal year in which DOD originally anticipated that it would complete its phase-in plan for the predecessor CMMC 1.0 program.
  • DOD remains committed to implementing the CMMC program.

Wiley’s cross-disciplinary Government ContractsNational Security, and Privacy, Cyber & Data Governance teams will continue to monitor these developments.

Read Time: 2 min
Jump to top of page

Wiley Rein LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek