Final Rule Authorizing CMMC Req’s for DoD Contracts Takes Effect; Katie Arrington Quoted

Final Rule Authorizing CMMC Req’s for DoD Contracts Takes Effect; Katie Arrington Quoted
Katie Arrington DoD

A rule finalizing the Department of Defense’s (DoD) implementation of Cybersecurity Maturity Model Certification (CMMC) requirements in DoD contracts has taken effect following delays due to the COVID-19 pandemic, FedScoop reported Tuesday. The DoD first published the CMMC requirements in early 2020.

The Defense Federal Acquisition Regulation Supplement (DFARS) rule change finalizes the requirement for contractors to pass CMMC assessments based on five levels of cyber maturity. Information on contractor assessments will be housed in the Enterprise Mission Assurance Support Services database, according to DoD officials.

Katie Arrington, chief information security officer of defense for acquisition and sustainment and a 2020 Wash100 Award recipient, said at an AFCEA event that the Pentagon plans to issue a press release on contracts that will initially require CMMC certification.

The Pentagon plans to enact a five-year rollout plan for the CMMC effort to help contractors prepare for assessments and secure certification, according to the report.

You may also be interested in...

Gateway Life Support

NASA, Japan Sign Agreement for Gateway Life Support Capabilities

The Japanese government has inked an agreement with NASA to provide capabilities to sustain the habitation module of the agency's Gateway orbital outpost as part of the Artemis program. Gateway is designed to support scientific research efforts and function as a rendezvous point for astronauts that will fly to the Moon via the Space Launch System and the Orion spacecraft.