Cybersecurity Maturity Model Certification (CMMC) Program
Abstract
With this final rule, DoD establishes the Cybersecurity Maturity Model Certification (CMMC) Program in order to verify contractors have implemented required security measures necessary to safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The mechanisms discussed in this rule will allow the Department to confirm a defense contractor or subcontractor has implemented the security requirements for a specified CMMC level and is maintaining that status (meaning level and assessment type) across the contract period of performance. This rule will be updated as needed, using the appropriate rulemaking process, to address evolving cybersecurity standards, requirements, threats, and other relevant changes.
Federal Register Source
This document is published by the Office of the Federal Register, National Archives and Records Administration. Access the full regulatory text, preamble, and docket comments below.
View Full Text on FederalRegister.gov →Opens in new tab · federalregister.gov
Frequently Asked Questions
What is the 2024-22905 Federal Register document?
Is document 2024-22905 an economically significant rule?
Other Rules from DOD
Read our methodology - how this data is sourced, computed, and verified.
Related
Every figure on PlainRegWatch is rendered directly from state source data, no number is typed in by an editor. This page draws directly on federal and state source data, no figure is typed in by an editor. See our editorial standards & corrections policy, the methodology behind these numbers, or report a data error.