By fall 2020, all Department of Defense (“DoD”) contractors and suppliers will need to be certified in a new unified cybersecurity model. The new requirement, known as the Cybersecurity Maturity Model Certification (“CMMC”), combines various cybersecurity standards and best practices to measure the maturity of an organization’s cybersecurity practices and processes against a fixed set of capabilities. This certification will be mandatory for contractors and suppliers doing business with DoD.
DoD issued the first publicly released version of the framework for comment in September 2019. Draft, version 0.6, was publicly released in November and it is anticipated that version 0.7 will be released in December as well as formation of the CMMC Accreditation Body.
The final framework, version 1.0, will be released in January 2020 and according to DoD, the first RFIs to include the CMMC requirements will start in June 2020 and in RFPs in fall 2020.