Based on a recent announcement made on May 20th, the Cybersecurity Maturity Model Certification (CMMC) program, which resides under a newer home with the DoD Chief information office, as of February 2022, is targeting a launch date to include the new contract requirements in May 2023.
The CMMC program’s goal is still the same, protecting controlled, unclassified information essential to country security. Cybersecurity guidelines and standards are being reviewed, revamped, and adapted to strengthen the security of the defense industry, even though manufacturing, integration, assembly and contractor support.
Stacy Bostjanick, director of CMMC policy for the Defense Department, has to deal with high levels of scrutiny because of how long the changes have taken to be ironed out and integrated into the CMMC program’s compliance; two and a half years and counting. Not helping to shorten any timelines was the change of leader and department ownership to the Office of the Undersecretary of Defense for Acquisition and Sustainment this past February. Many uphill battles are occurring between the ownership movement and the struggles CMMC previously brought to the smaller businesses to comply with the certificate program. Other agencies continue to watch and learn from the experience of CMMC.
“Our plan is to have a phased rollout like we did before to ensure that the CMMC ecosystem is ready and capable of handling all those that would need to get a certification for any acquisition that the DOD would request,” Bostjanick stated.
Leadership is optimistic that the updated CMMC regulations will be seen in good light. Even after the pen ink dries on the process from the CMMC program, there is still a 60-day public comment period which can provide and spark new debate, scrutiny, or if all goes well, embrace. Both the contractors and the leadership are waiting on the edge of their seats to see how both respond to the updates. But for now, waiting until May 2023 is the name of the game.
How can I be successful in Conquering CMMC challenges?
The implications of the Cybersecurity Maturity Model Certification may put prime contractors’ contract eligibility and revenue at risk, will require education on new prime contractor supply chain responsibilities, and necessitates that both prime and subcontractors quickly take the first steps in the certification process.
As Contracts Leaders, it’s important to understand your company’s latest progress with CMMC. Access integrated capabilities in Unison CLM to support the relevant technical requirements within the new CMMC model.