Defense contractors should begin preparing for Cybersecurity Maturity Model Certification (CMMC) implementation, expected to begin taking effect early in 2025, based on a proposed rule published in December 2023 setting out three levels of controls (“Levels”).
Cybersecurity controls for Levels 1 and 2 contracts are already in effect through existing regulations, but contractors for Level 3 contracts will be required to comply with additional cybersecurity controls yet to be published.