DoD simplifies process to comply with cybersecurity rules for government contractors

Posted By: Matt Gilmore Government Affairs, Technical

On October 15th, the Department of Defense (DoD) published the final Cybersecurity Maturity Model Certification (CMMC) rule for public review. CMMC requires that contractors demonstrate that their computer networks and cybersecurity policies are sufficient to prevent intrusions from foreign adversaries searching for information on weapons system development and manufacturing. The new rule includes significant changes that make it easier for private sector companies to comply with the cybersecurity requirements prior to bidding on defense contracts.

The big change in the new rule is the reduction of assessment levels – down from five to three – in a streamlining of the regulation. The CMMC program requires contractors who wish to do business with the DoD to comply with cybersecurity requirements as outlined in the Federal Acquisition Regulation (FAR) and the National Institute of Standards and Technology (NIST). The previous rule included two levels that were designed to assist companies in making transitions between levels. The latest rule removes the transition levels.

The new rule is now structured in three levels:

  • Level One – self-assessment of a contractor’s ability to provide basic protection of federal contract information
  • Level Two – assessment of controlled unclassified information (either a self-assessment or conducted by a third-party consultant)
  • Level Three – assessment of protection of higher level controlled unclassified information conducted by the DoD Defense Industrial Base Cybersecurity Assessment Center 

The new streamlined rule is designed to assist small-to-medium-sized businesses that were discouraged from seeking out defense contracting opportunities because the CMMC requirements were too cumbersome. The new design aims to make the process less expensive while still taking detailed steps to ensure national security.

For more information about CMMC, visit the DoD's About CMMC page. The CMMC 32 CFR 170 Final Rule can be found in the Federal Register under "Cybersecurity Maturity Model Certification (CMMC) Program."