noodls browser compatibility check

The security settings of your browser are blocking the execution of scripts.

To use noodls, javascript support must be enabled. Please change your browser's security settings to enable javascript.

If you have changed your browser's security settings, you can click here.

related announcements

Professional and Business Services

Covington & Burling LLP

September 2024 Developments Under President Biden’s AI Executive Order
Covington & Burling LLP

FTC and DOJ Announce Final Rule Reshaping HSR Filing Requirements
Covington & Burling LLP

EU Commission Publishes Report Assessing EU Consumer Laws and Paves Way[...]

Legal

Covington & Burling LLP

10/11/2024 | News release | Distributed by Public on 10/12/2024 10:56

Cybersecurity Maturity Model Certification (CMMC) Program Final Rule Announced

On October 11, 2024, the U.S. Department of Defense ("DoD") released an unpublished version of the Cybersecurity Maturity Model Certification ("CMMC") Program Rule. The final rule will be published in the Federal Register on October 15, 2024 and will become effective sixty days after publication. This rule formally establishes the CMMC Program for DoD and is one of two complementary sets of regulations that govern operation of the Program.

The CMMC Program rule will provide DoD with a means to validate that contractors are in compliance with security measures necessary to safeguard Federal Contract Information ("FCI") and Controlled Unclassified Information ("CUI") and will also impose stricter requirements around implementation of required security controls. The rule authorizes DoD to confirm that a defense contractor or subcontractor has implemented and maintains security requirements for a specified CMMC level (Level 1, Level 2, or Level 3) and assessment type (self-assessment, third party assessment, or government assessment) across the contract period of performance. The CMMC level required is based on the type of information that will be safeguarded during contract performance, and specific security requirements are specified for each level.

Separate from this rulemaking, on August 15, 2024, DoD published the proposed rule that complements the final CMMC Program rule. In contrast to the CMMC Program rule, that proposed rule would outline contract requirements around CMMC and would implement CMMC in the Defense Federal Acquisition Regulation Supplement ("DFARS"). When finalized, the procurement rule will require DoD to impose a specific CMMC level in a solicitation or contract. When CMMC requirements are applied to a solicitation through this procurement rule, contracting officers will not make award, exercise an option, or extend the period of performance on a contract, if the offeror or contractor does not have the passing results of a current certification assessment or self-assessment for the required CMMC level, and an affirmation of continuous compliance with the security requirements in the Supplier Performance Risk System ("SPRS") for all information systems that process, store, or transmit FCI or CUI during contract performance. DoD can impose CMMC requirements on contracts awarded before the procurement rule is finalized, but that would be done on a contract-by-contract basis. We addressed this proposed rule in a prior blog.

Sharing and Personal Tools

Please select the service you want to use:

Back

View original format