When Will CMMC 2.0 Be Required for DoD Contracts?


The Department of Defense (DoD) originally anticipated that the CMMC 2.0 rollout would be a part of contracts this summer, but the conversation remains mostly quiet. Experts at Teal have been watching closely for any indication that this is still the case.

Let’s look at what we know so far. 


Complications Abound for CMMC 2.0

In March, we reported on the CMMC complications and external factors that were likely to delay the launch. These ranged from plans for two rules to enforce how government contractors must protect controlled unclassified information (CUI), to updates to NIST 800-171, to the clarification of CUI mandated by the National Defense Authorization Act (NDAA). These all play a part in why the implementation process has been delayed.

Forecasted Date of Contract Implementation

As of May 19, David McKeown (DoD’s CISO) said their team has the line items mostly “fleshed out” for each area of NIST’s framework and expects completion within 6 months. 


However, it must make a few stops with the Office of Small Business and Office of Management and Budget (OMB) before government contractors can expect to see it in contracts.  

McKeown noted that the Pentagon is diligently working with the private sector to streamline the process and address pain points relating to the barriers to entry for small and medium-sized businesses. He stated that the target date for CMMC to hit contracts is late fall 2024.


Next Steps for Defense Prime and Subcontractors

As a contractor, ensuring that your company complies with NIST 800-171 standards is crucial. If you’re confident you meet these requirements, remember to keep up with annual assessments and start thinking about potential C3PAOs.


If your company is struggling to meet cybersecurity requirements, consider partnering with a certified Registered Provider Organization (RPO) to increase your chances of success. An RPO can help you navigate complex cybersecurity controls and ensure compliance. 

Teal is proud to be one of the first companies chosen as a CMMC RPO. Our mission is to help you safeguard sensitive information and protect our warfighters. With our extensive compliance experience, we have successfully guided defense prime and subcontractors through the complexities of DFARS, NIST 800-171, and CMMC. 

By partnering with our compliance experts, your organization can rest assured that you will save valuable time and money. We will work closely with you to ensure that you are fully prepared for CMMC assessments. 

Contact us for a consultation today to get ahead of your competitors. 
