A rule finalizing the Department of Defense’s (DoD) implementation of Cybersecurity Maturity Model Certification (CMMC) requirements in DoD contracts has taken effect following delays due to the COVID-19 pandemic, FedScoop reported Tuesday. The DoD first published the CMMC requirements in early 2020.
The Defense Federal Acquisition Regulation Supplement (DFARS) rule change finalizes the requirement for contractors to pass CMMC assessments based on five levels of cyber maturity. Information on contractor assessments will be housed in the Enterprise Mission Assurance Support Services database, according to DoD officials.
Katie Arrington, chief information security officer of defense for acquisition and sustainment and a 2020 Wash100 Award recipient, said at an AFCEA event that the Pentagon plans to issue a press release on contracts that will initially require CMMC certification.
The Pentagon plans to enact a five-year rollout plan for the CMMC effort to help contractors prepare for assessments and secure certification, according to the report.