Key Notes:
- DOD has released its draft CMMC model framework, including detailed new cybersecurity requirements.
- Comments on the draft CMMC are due by September 25, 2019.
- CMMC will become a requirement in DOD solicitations next year and apply throughout the DOD supply chain.
The Department of Defense recently released new information on its Cybersecurity Maturity Model Certification program, publishing Version 0.4 of the draft CMMC model framework for public comment, which is due by September 25, 2019, and releasing its latest overview briefing on the CMMC. The CMMC enforcement mechanism will build upon, and significantly add to, the current DOD cybersecurity requirements, which include DFARS 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting) and the incorporated requirements developed by the National Institute of Standards and Technology (NIST). Additional parameters for the CMMC program are pending in the Senate and House versions of the National Defense Authorization Act (NDAA) for Fiscal Year 2020.
CMMC Program Background
The Office of the Under Secretary of Defense for Acquisition & Sustainment (OUSD(A&S)) has been working with the Johns…
