The Defense Department released the final rule for the long-awaited Cybersecurity Maturity Model Certification program today, further paving the way for CMMC requirements to show up in contracts starting next year.
The final CMMC program rule was released for public inspection. It’s expected to officially publish in the Federal Register on Tuesday, Oct. 15.
The rule establishes the mechanisms for the CMMC program. The goal of CMMC is to verify whether defense contractors are following cybersecurity requirements for protecting critical defense information. Many contractors will be required to receive a third-party audit under the program, a significant departure from the current regime of relying on self-attestation.