Current Status of CMMC 2.0 - Possible Release Date
Update: The timeline for when CMMC will be officially published has been altered over the past year. In 2022, the original plan was to see CMMC wording included in contracts by May of 2023. However, as of July 24th, 2023, the proposed CMMC rule has been sent to the Office of Management and Budget where they will have 90 days to review and send it back for changes. If approved, the rule will enter into a public comment period. This means that CMMC may be finalized in Q1 of 2025. What is CMMC?
The cybersecurity maturity model certification (CMMC) is a proposed compliance standard developed by the DOD that seeks to create a standardized process of securing controlled unclassified information (CUI) across private organizations working within the Defense Industrial Base (DIB). Initially created with 5 levels of maturity, CMMC 2.0 consolidated these levels into 3: Foundational, advanced, and expert.
Updated Release Window for CMMC 2.0
The CMMC "Proposed rule" was published in December of 2023, for public comment and adjudication from the Department of Defense. As of June 27th, 2024, the DoD completed their review, signifying their dedication to pushing CMMC across the finish line.
With the completion of the DoD’s adjudication process, a "Final Rule" version of the regulation has been sent to the Office of Information and Regulatory Affairs ("OIRA"), part of the White House's Office of Management and Budget ("OMB"). OIRA now has up to ninety (90) days to review, recommend changes to, and approve the Final Rule. This means that the Final Rule should be published in the Federal Register no later than October 26, 2024.
If your organization wants to become CMMC compliant but isn't sure where to start, contact CorpInfoTech today!
Want more information about CMMC, check out CorpInfoTech’s blogs:
- What Is CMMC and Who Needs It
- What Does CMMC Mean to the Manufacturing Industry?
- The Basic of CMMC 2.0 for Dod Contractors
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.
![CIT_Name_Logo_RGB-1-300x40](https://www.corp-infotech.com/hubfs/CorpInfoTech%20Branding/CIT_Name_Logo_RGB-1-300x40.png)