top of page

Getting Ready for New CMMC Requirements NOW

Right off the bat, we’re here to tell you that anyone promising you a sure-shot solution to all your CMMC woes is trying to pull a fast one on you. The Cybersecurity Maturity Model Certification (CMMC) is a comprehensive move by the U.S. Department of Defense (DoD) that involves a lot of moving parts that have not been finalized yet. In fact, with the planned rollout of the new CMMC requirements scheduled to take place over the next five years (through to 2026), you should expect a few changes or bottlenecks along the way.

Despite the long implementation timeline, your business cannot afford to fall prey to misinformation or hope for a mythical magic bullet that will put an end to your CMMC woes. There’s absolutely no reason for you to wait until the last minute to implement the new security controls in hopes that everything will be clearer or totally in order by then. You need to seek accurate information with respect to your current cybersecurity maturity stance and what you should start preparing for. You should be implementing these changes within your business immediately to ensure you will be ready for the imminent changes to your eligibility as a contractor or supplier for the DoD and other federal entities.

We have highlighted some important aspects you must focus on now to remain eligible and in good standing with current regulatory requirements. In addition, we’ve also listed some strategic steps that you should immediately implement throughout your business to be ready for the enhanced cybersecurity practices required under the new CMMC framework.

The DFARS Interim Rule

Since new requirements under CMMC will not be fully rolled out until 2026, the Interim Rule was established by the Defense Federal Acquisition Regulation Supplement (DFARS) to immediately establish a push for the DoD Assessment Methodology component of the CMMC framework to get a measure of contractor implementation of the existing cybersecurity requirements. DFARS Case 2019-D041, effective November 30, 2020, states that the Interim Rule mandates all DoD prime contractors and the estimated 300,000 plus memb