Countdown To Compliance: The Department Of Defense Finalizes Its Cybersecurity Program Rule

SM
Sheppard Mullin Richter & Hampton

Contributor

Sheppard Mullin is a full service Global 100 firm with over 1,000 attorneys in 16 offices located in the United States, Europe and Asia. Since 1927, companies have turned to Sheppard Mullin to handle corporate and technology matters, high stakes litigation and complex financial transactions. In the US, the firm’s clients include more than half of the Fortune 100.
The Department of Defense published the final version of its Cybersecurity Maturity Model Certification (CMMC) rule last week.
United States Technology

The Department of Defense published the final version of its Cybersecurity Maturity Model Certification (CMMC) rule last week. This rule establishes the parameters of the program and timeline for implementation. A separate rule to finalize associated contract requirements is expected early to mid-next year. For a deep-dive into noteworthy takeaways for the Final Rule, see our analysis here. Here are some highlights:

As many know, the goal of the CMMC program is to strengthen cybersecurity across the Defense Industrial Base by implementing a framework to ensure contractors and subcontractors adequately protect sensitive unclassified information under Department of Defense contracts. The framework requires contractors to implement cybersecurity standards at various levels (Levels 1-3) depending on the sensitivity of the information they hold, and to undergo related assessments and provide affirmations regarding compliance.

Once contract requirements are finalized, implementation of the CMMC program will be spread out over four phases spanning three years. With very limited exceptions, all companies contracting with the Department of Defense and their service providers will be impacted by this program.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More