The CMMC Title 48 DFARS 7021 proposed rule (DFARS Case 2019-D041) was published on 8/15/2024!
The proposed rule includes several items, but the most notable is the modification of DFARS 252.204-7021, which is the contractual clause that will require CMMC compliance/certification!
This proposed rule also adds a new DFARS provision titled DFARS 252.204-7YYY, “Notice of Cybersecurity Maturity Model Certification Level Requirements.”
This provision (the “7YYY” is a placeholder) will be added into DoD solicitations and will let prospective contractors know what CMMC level will be required to win the contract.
This provision is very similar to DFARS 252.204-7019, “Notice of NIST SP 800-171 DoD Assessment Requirements,” which among other things requires the submission of a NIST 800-171 SPRS score to be eligible for contract award.
So what does this mean, you ask?
The CMMC Title 32 program proposed rule was released in December of 2023. DoD just sent the final version to OIRA for review. Once the CMMC program rule is finalized, CMMC assessments can begin. The final rule should be published later this year.
Once this DFARS 7021 rule is finalized, DoD will begin to include CMMC requirements in contracts, starting the 3-year phase-in period.
The following video describes CMMC’s phase-in strategy:
Need help on your CMMC journey? We offer CMMC training for defense contractors!
I’m also a VP of Cyber at a small defense contractor. I packaged what I learned over the years into comprehensive CMMC courses focused on the DIB!
If you are just starting your CMMC journey, don’t kno