The Cybersecurity Maturity Model Certification (CMMC) proposed rule is making its way through the rulemaking process. The rule was submitted by the Department of Defense (DOD) on Dec. 26, 2023, and the public comment period on the rule closed at the end of February. This is a normal part of the rulemaking process. The DOD now needs to respond to those comments.
As expected, the rulemaking has created much attention and there were 787 comments received. What can we learn about the industry and some of the looming challenges that contractors will face? We have attempted to review the comments and share insights that were discovered in this series.
Some of the comments were clearly anticipated. Interestingly, the DOD still had comments from prior rulemaking that they attempted to address in the proposed rule.
