On December 26, 2023, the U.S. Department of Defense announced the proposed rule for the Cybersecurity Maturity Model Certification (CMMC) 2.0 program, with a comment period scheduled through February 26, 2024.
What It means: The proposed rule focuses on security, assessment, and affirmation requirements for all contractors dealing with federal contract information (FCI) and controlled unclassified information (CUI). This means that for companies working with the Department of Defense, compliance steps must be taken to prove adherence to existing security measures.
While not altering the security controls for most contractors, the proposed rule introduces significant compliance steps.
Who must comply:The proposed rule would apply to some degree to any and all defense contractors and subcontractors that store, process or communicate FCI or CUI on their information systems.
We can help: Our team is ready to assist you with the necessary assessments and certifications, ensuring your compliance with the new requirements with less time and hassle. We have the expertise and resources as the northwest MEP partner to do so.