On October 11, the final program rule for the Cybersecurity Maturity Model Certification (CMMC) Program was published on the Federal Register. This final rule is aimed at streamlining the process associated with small- and medium-sized businesses in the Defense Industrial Base (DIB) becoming officially certified to work on government contracts requiring them to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The final instantiation of the program defines three assessment levels (down from the original five) and also formally defines the third level and the twenty-four NIST SP 800-172 requirements required for Level 3 certification.

The formal rule is expected to be published later today. In the meantime, you can read the announcement of the publication here.

If you are unfamiliar with the CMMC Program, take time to educate yourself. It is a critical piece of our national cybersecurity strategy and your key to remain eligible to bid on federal government contracts!

If you have any questions about the program, or if you know you need to become more cyber secure to become compliant, Project Spectrum has you covered. Our team of expert cyber advisors is at the ready to assist you on your cybersecurity compliance journey! Reach out to us today at outreach@projectspectrum.io.