Cybersecurity Maturity Model Certification (CMMC) Program
security-clearance · US Department of Defense · Rule · Published 2024-10-15 · Effective 2024-12-16 · 89 FR 83092
Document
Document number
2024-22905
Federal Register citation
89 FR 83092
CFR reference
32 CFR 170
Type
Rule
Action
Final rule.
Category
security-clearance
Sub-agency
US Department of Defense
Publication date
2024-10-15
Effective date
2024-12-16
DOD docket
Docket ID: DoD-2023-OS-0063
Abstract
With this final rule, DoD establishes the Cybersecurity Maturity Model Certification (CMMC) Program in order to verify contractors have implemented required security measures necessary to safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The mechanisms discussed in this rule will allow the Department to confirm a defense contractor or subcontractor has implemented the security requirements for a specified CMMC level and is maintaining that status (meaning level and assessment type) across the contract period of performance. This rule will be updated as needed, using the appropriate rulemaking process, to address evolving cybersecurity standards, requirements, threats, and other relevant changes.