Defense Dept. Rule Establishes Cyber Compliance Regime Ahead Of Full CMMC Implementation
Government Contracts Partner Eric Crusius was cited in an Inside Cybersecurity article about an interim rule that sets up the requirements for the Defense Department’s (DOD) Cybersecurity Maturity Model Certification (CMMC) program. The CMMC program will require contractors to meet all 110 controls in NIST 800-171, along with 20 additional controls and three processes, at maturity level three. The current rule orders contractors to conduct a self-assessment against NIST 800-171, but the Nov. 30 rule marks the first time the information needs to be submitted to a government procurement system that DOD acquisition officials can access.
“The new 171 regulations seem to be a stopgap measure until CMMC will roll out,” said Mr. Crusius. “These regulations focusing on 800-171 will fill the gap until everyone is required to have CMMC compliance.”