CMMC Rule is Imminent
The Cybersecurity Maturity Model (CMMC) Final Rule, also known as CFR 32, was released by the Office of Information and Regulatory Affairs (OIRA) on September 23, 2024. The rule is expected to become law in Q4 2024 and take effect in early 2025.
The CMMC Final Rule requires defense contractors to:
- Demonstrate CMMC compliance when a contract is awarded
- Have contracting officers verify that CMMC compliance results are posted in the Supplier Performance Risk System (SPRS)
- Pass CMMC requirements on to their subcontractors
The CMMC Final Rule also includes other requirements, such as:
- Notification if a contractor changes their systems
- Increased oversight of third-party assessors
- Reduced assessment costs for some companies
- The CMMC Final Rule is considered a Major Rule, which means it will undergo a Congressional review of up to 60 days before it becomes law. Congress can overturn the rule if both houses and the President take action.
Join us for an insightful event on the Importance of CMMC Scoping and Self-Assessment. Discover how proper scoping defines your organization’s information system boundary and helps categorize security assets, streamlining the CMMC certification process. Learn the steps to conduct an accurate, evidence-based self-assessment, providing a strong foundation for decision-making and security control remediation. Gain the confidence you need to approach your CMMC certification with clarity and readiness.
The post CMMC Scoping and Self Assessment [10/30/2024 10AM] appeared first on Alabama Small Business Development Center.