Summary: The Defense Department’s long-awaited proposed rule for the Cybersecurity Maturity Model Certification program lays out DoD’s plan to introduce the CMMC requirements over the next three years. The proposed rule, released today and scheduled to be published in the Federal Register on Dec. 26, would establish requirements “for a comprehensive and scalable assessment mechanism” to ensure defense contractors are implementing required security protections. DoD already has a provision in its contracts requiring companies that handle controlled unclassified information to protect it in accordance with controls set by the National Institute of Standards and Technology. Learn more about your ad choices. Visit megaphone.fm/adchoices
