# Cybersecurity Maturity Model Certification (CMMC) Program
> **US Department of Defense** · Final rule. · Published 2024-10-15 · Effective 2024-12-16 · 89 FR 83092
## Document
- **Document number:** 2024-22905
- **Category:** security-clearance
- **Sub-agency:** US Department of Defense
- **Federal Register citation:** 89 FR 83092
- **CFR reference:** 32 CFR 170
- **Publication date:** 2024-10-15
- **Effective date:** 2024-12-16
- **DOD docket:** Docket ID: DoD-2023-OS-0063
## Abstract

With this final rule, DoD establishes the Cybersecurity Maturity Model Certification (CMMC) Program in order to verify contractors have implemented required security measures necessary to safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The mechanisms discussed in this rule will allow the Department to confirm a defense contractor or subcontractor has implemented the security requirements for a specified CMMC level and is maintaining that status (meaning level and assessment type) across the contract period of performance. This rule will be updated as needed, using the appropriate rulemaking process, to address evolving cybersecurity standards, requirements, threats, and other relevant changes.

## Source
- [Federal Register document](https://www.federalregister.gov/documents/2024/10/15/2024-22905/cybersecurity-maturity-model-certification-cmmc-program)
---
*AI Analytics · CC0 1.0*