Overview
The US Department of Defense (DoD) published a final rule codifying the Cybersecurity Maturity Model Certification (CMMC) Program. Effective December 16, 2024, the final CMMC rule applies to all DoD contractors or subcontractors that process, store, or transmit Federal Contract Information or Controlled Unclassified Information, and the service providers that support those contractor information systems.
Explore insights and resources from our multidisciplinary team of lawyers to help federal contractors and service providers understand the new CMMC requirements and maintain eligibility for DoD contracts now and in the future.
INSIGHTS AND RESOURCES
Understand the different certification requirements of CMMC Level 1, 2, and 3, the impact on contractors and external service providers, and proposed next steps:
- CMMC From the Bottom Up: A Detailed Review of Level 1
- CMMC Level 2: The Good, the Bad and the Ugly
- CMMC Level 3: Strict Scoping and Expansive Requirements
Navigating the Final CMMC Rule: Watch the recording and download the materials from our webinar providing a deep dive into the final CMMC rule and its implications.
Are We There Yet? DoD Issues Final Rule Establishing CMMC Program: As a first look at the final rule, learn about the key changes from the proposed rule that was published in December 2023.
DoD Issues Proposed DFARS Rule to Implement CMMC 2.0: The DoD took the next step in implementing the CMMC Program on August 15, 2024, when it issued a Proposed Rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS), which provides the solicitation and contract clauses that will apply CMMC to individual procurements.
DoD Rings in 2024 With Proposed CMMC Rule: On December 26, 2023, the DoD shared its first New Year’s resolution – codifying the CMMC Program through a long-awaited proposed rule.
If you have questions about the final rule or how to comply, please contact your regular McDermott lawyer or the authors below.
