The U.S. Department of Defense released a special holiday treat for government contractors and subcontractors last week in the form of long-promised proposed regulations for its Cybersecurity Maturity Model Certification (CMMC) program. More than two years in the making, the current iteration of the rules contains a few surprises, including a new annual affirmation of compliance requirement for all DoD contractors and subcontractors covered by the CMMC Program. In this article, we highlight several noteworthy aspects of the proposed CMMC regulations, summarize the obligations in chart form, and explore potential implications for contractors and subcontractors.
Read the full blog post.