Team discusses cmmc proposed rule around a laptop

Article

CMMC rulemaking: Where are we now?

May 9, 2024 · Authored by Matt Gilbert, Jacob Stroupe

The Cybersecurity Maturity Model Certification (CMMC) proposed rule is making its way through the rulemaking process. The rule was submitted by the Department of Defense (DOD) on Dec. 26, 2023, and the public comment period on the rule closed at the end of February. This is a normal part of the rulemaking process. The DOD now needs to respond to those comments.

As expected, the rulemaking has created much attention and there were 787 comments received. What can we learn about the industry and some of the looming challenges that contractors will face? We have attempted to review the comments and share insights that were discovered in this series.

Some of the comments were clearly anticipated. Interestingly, the DOD still had comments from prior rulemaking that they attempted to address in the proposed rule.

Webinar

Connect with a CMMC specialist

Let’s begin by examining those comments:

Subcontractor applicability to scope

The DOD noted there were several comments about who the

CMMC rulemaking: Where are we now?

Webinar

Subcontractor applicability to scope

Matt Gilbert

Related sections

Article Tags

Joint ventures

Operational technology/specialized assets

Fundamental research

International implications of CMMC

CUI markings

Discuss more details about the CMMC proposed rule with our team