The CMMC Proposed Rule and Expectations in 2024

In December 2023, the Department of Defense announced its new Proposed Rules for CMMC. This release comes two years after their initial proposal for CMMC 2.0 as a framework. 

Many of CMMC’s expected requirements are coming to pass, and the DoD is looking to finalize and aggressively roll out the program over the next three years. 

Learn more about this next phase in CMMC implementation and what it might mean for your organization.

 

What Is CMMC 2.0?

CMMC 2.0 is a revision of the original 1.0 specification, intended to streamline and strengthen aspects of the model based on initial engagement and feedback from organizations and stakeholders. The CMMC framework ensures that contractors have a consistent and appropriate model for their security, abide by reasonable and mature cybersecurity practices and processes, and maintain those standards over time.

In a broad sense, version 2.0 was designed to ease contractors’ certification paths, lower costs for small and medium enterprises, and raise visibility and access to cybersecurity requirements. 

Major updates in CMMC 2.0 include:

With CMMC 2.0, the certification process is lighter and more manageable for the small businesses it serves.

 

Why Are We Just Getting a Proposed Rule Now?

In November 2021, the DoD rescinded the initial CMMC framework (retroactively known as “CMMC 1.0”) and proposed the next version, 2.0. 

Over the next two years, this new version was seen as the necessary revision to the framework and the foundation upon which CMMC would ultimately rest. As such, the rules outlined here will begin to enter federal DIB contracts over the next three years.

 

What Can We Expect From the Proposed Rule?

Now that the Proposed Rule has been published, we can get more insight into how the CMMC sees this program rolling out and the finer points of some of the changes. 

These finer points include:

| Assessment Level | Small | Other than Small | Total |
| Level 1 Self-Assessment | 103,010 | 36,191 | 139,201 |
| Level 2 Self-Assessment | 2,961 | 1,039 | 4,000 |
| Level 2 Certification Assessment | 56,689 | 19,909 | 76,598 |
| Level 3 Certification Assessment | 1,327 | 160 | 1,487 |
| Totals | 163,987 | 57,299 | 221,286 |

 

What Are the Phases of CMMC Rollout?

The DoD plans to roll out the CMMC framework over 30+ months, with an ever-expanding set of requirements for higher-security organizations. 

Note that there are separate requirement rollouts for new contracts, and the DoD is exercising existing options for additional products and services, which are noted where relevant.

 

It’s Time to Get Ready for CMMC with Lazarus Alliance

With the new rule published and comments closed, there’s no more wiggle room for approaching CMMC compliance. And with the long lead times and relatively limited number of C3PAOs out there, waiting could cost your organization time and money it doesn’t need to lose. 

If you’re looking to kickstart your assessment, contact Lazarus Alliance.
