CMMC implementation plan takes shape in proposed rule
By 
Kyle Brasseur2023-12-28T16:28:00
The Department of Defense (DoD) released for comment a proposed rule setting guidelines for implementation of the Cybersecurity Maturity Model Certification (CMMC) program.
The proposal, published Tuesday, would “establish requirements for a comprehensive and scalable assessment mechanism to ensure defense contractors and subcontractors have … implemented required security measures” under the CMMC, which applies to federal contract information and controlled unclassified information.
Comments on the proposal are due by Feb. 26.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
PremiumNavigating compliance: A guide for small teams to tackle CMMC
Many small organizations within the Defense Industrial Base are struggling to meet the rigorous requirements validated through the Cybersecurity Maturity Model Certification, writes Thomas Graham, CISO at Redspin. If you haven’t been tracking it closely, CMMC was finalized in October, with an effective date of December 16, 2024.
-
PremiumAI in 2024: More business use, more fraud risks
Use of generative artificial intelligence by businesses will ramp up in 2024, as will risk of AI-driven cyberattacks and fraud, according to experts.
-
PremiumCyber expert: Reach for data security to achieve compliance
Data security and compliance are not one and the same but have enough overlap that organizations can take steps when building a data security program to move closer to achieving compliance.
More from Regulatory Policy
-
ArticleCompliance must focus on corruption as EU and U.K. seek to tackle rising risks
Corruption isn’t something that happens somewhere else, in other countries and committed by other people. Nowhere is corruption-proof, and new rules being introduced in the EU and the U.K. aim to focus compliance officers on the full gamut of risks in all jurisdictions and every sector.
-
ArticleEmployment law in the age of AI: Compliance considerations
Employment law in the age of AI is evolving faster than many companies can keep pace. As more states enact AI laws and as more case law piles on, chief compliance officers and in-house counsel must ensure that compliance policies and procedures evolve as AI legal and compliance risks evolve.
-
ArticleCompliance must future-proof AI projects to meet evolving regulations
AI implementations are surging, but many new systems are being abandoned after companies have invested in expensive projects. Now evolving AI regulation is adding to the list of reasons why new systems may fail. Compliance must watch emerging regulatory developments and ensure that any new AI tools are capable of ...