The Department of Defense (DoD) originally anticipated that the CMMC 2.0 rollout would be a part of contracts this summer, but the conversation remains mostly quiet. Experts at Aligned have been keeping their eyes peeled for any indication that this is still the case.
Let’s dig into what we know so far.
Complications and Factors Around CMMC 2.0
In March, we reported on the CMMC complications and external factors that were likely to delay the launch. These ranged from plans for two rules enforcing how government contractors must protect controlled unclassified information (CUI) to updates to NIST 800-171 and the clarification of CUI mandated by the National Defense Authorization Act (NDAA). These all play a part in why the implementation process has been delayed.
Forecasted Date of Contract Implementation
As of May 19, David McKeown (DoD’s CISO) said their team has the line items mostly “fleshed out” for each area of NIST’s framework and expects completion within 6 months.
However, it must make a few stops with the Office of Small Business and Office of Management and Budget (OMB) before government contractors can expect to see it in contracts.
McKeown noted that the Pentagon is diligently working with the private sector to streamline the process and address pain points relating to the barrier to entry for small and medium-sized businesses. He stated that the target date for CMMC to hit contracts is late Fall 2024.
Next Steps for Defense Prime and Subcontractors
As a contractor, ensuring that your company complies with NIST 800-171 standards is crucial. If you’re confident you meet these requirements, remember to keep up with annual assessments and start thinking about potential C3PAOs.
If your company is struggling to meet cybersecurity requirements, consider partnering with a certified Registered Provider Organization (RPO) to increase your chances of success. An RPO can help you navigate complex cybersecurity controls and ensure compliance.
Aligned is proud to be one of the first companies chosen as a CMMC RPO. Our mission is to help you safeguard sensitive information and protect our warfighters. With our extensive compliance experience, we have successfully guided defense prime and subcontractors through the complexities of DFARS, NIST 800-171, and CMMC.
By partnering with our compliance experts, your organization can rest assured that you will save valuable time and money. We will work closely with you to ensure that you are fully prepared for when CMMC becomes a contract requirement.