Overview
Hot off the press: The US Department of Defense (DoD) published a final rule codifying the Cybersecurity Maturity Model Certification (CMMC) Program. Once effective, the final CMMC rule will apply to all DoD contractors or subcontractors that process, store, or transmit Federal Contract Information or Controlled Unclassified Information, and the service providers that support those contractor information systems.
Understanding the new CMMC requirements is crucial for Federal contractors and service providers to ensure compliance and maintain eligibility for DoD contracts now and in the future. Our multidisciplinary team of lawyers, who have extensive experience in cybersecurity and government contracts, provided a deep dive into the final CMMC rule and its implications.
Discussion topics included:
- An overview of the final CMMC rule and the key changes from the proposed rule
- An outline of the phased approach for CMMC adoption
- Temporary and enduring exceptions
- Requirements for cloud service providers and other external service providers
