On Dec. 26, 2023, DoD published a proposed rule implementing the CMMC Program (the Proposed Rule). The regulations come more than three years after the release of the initial CMMC regulations (November 2020) and two years after the Biden administration announced the revised “CMMC 2.0” program (January 2021). The Proposed Rule largely reflects the CMMC

On May 10, 2023, the National Institutes of Standards and Technology (NIST) released Revision 3 to its foundational publication, 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. The publication provides guidelines for protecting sensitive unclassified information in contractor systems, and these guidelines establish the baseline cybersecurity requirements for federal defense contractors. 

On Dec. 13, 2019, the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) released Draft 0.7 of the Cybersecurity Maturity Model Certification (CMMC) framework. The CMMC framework will be used by third party auditors to certify that members of the Defense Industrial Base (DIB) sector are complying with the Department of Defense’s (DOD’s) baseline