CMMC Proposed Rule – Key Takeaways for Defense Contractors

On December 26, 2023, the Department of Defense (DoD) issued a long anticipated proposed rule establishing the Cybersecurity Maturity Model Certification (CMMC) program. Once fully implemented, CMMC will implement a third-party cybersecurity audit regime to ensure DoD contractors are safeguarding Federal Contract Information (FCI) and/or Controlled Unclassified Information (CUI) in their information systems. This rule would be the first of its kind in requiring a cybersecurity audit as a condition of participation in DoD contracts, with vast consequences for defense contractors of all types and sizes.

In this webinar, the speakers will break down the CMMC rule and its impact, focusing on key implementation issues and practical steps that companies can take to prepare for the rule’s roll-out.

We will delve into the following key topics:

• Summary of the contents of the proposed CMMC rule;
• Overview of the requirements of the three CMMC Levels;
• Overview of other related federal acquisition rules also pending in a rulemaking process;
• CMMC’s application to External Service Providers (ESP) and Cloud Service Providers (CSP) and the impacts on CMMC assessments;
• Timeline for implementation in DoD contracts and potential issues for subcontractors;
• Discussion of the CMMC assessment dispute resolution process and key risks to assessors and contractors;
• False Claims Act liability and CMMC’s implications for enforcement risks.
• A look forward to what is next for the CMMC rulemaking process.