When Will CMMC 2.0 Be Required for DoD Contracts?

The Department of Defense (DoD) originally anticipated that the CMMC 2.0 rollout would be a part of contracts this summer, but the conversation remains mostly quiet. Experts at Teal have been keeping watching closely for any indication that this is still the case.  

Let’s look at what we know so far. 

Table of Contents

Complications Abound for CMMC 2.0

In March, we reported on the CMMC complications and external factors that could likely delay the launch. This ranged from planning two rules to enforce how government contractors must protect controlled unclassified information (CUI) to updates to NIST 800-171 and the mandated clarification of CUI by The National Defense Authorization Act (NDAA). These all play a part in why the implementation process has been delayed. 

Forecasted Date of Contract Implementation

As of May 19, David McKeown (DoD’s CISO) said their team has the line items mostly “fleshed out” for each area of NIST’s framework and expects completion within 6 months. 

The NIST Cybersecurity Framework

However, it must make a few stops with the Office of Small Business and Office of Management and Budget (OMB) before government contractors can expect to see it in contracts.  

McKeown noted that the Pentagon is diligently working with the private sector to streamline and address pain points relating to the barrier of entry for small and medium-sized businesses. He stated that the target date for CMMC to hit contracts is late Fall 2024. 

Advanced CMMC Guide and Compliance Checklist eBook

Empower your company with CMMC knowledge. This guide covers the process, benefits, maturity levels, and how to prepare for your CMMC audit.

Next Steps for Defense Prime and Subcontractors

As a contractor, ensuring that your company complies with NIST 800-171 standards is crucial. If you’re confident you meet these requirements, remember to keep up with annual assessments and start thinking about potential C3PAOs

CMMC Readiness Assessment

If your company is struggling to meet cybersecurity requirements, consider partnering with a certified Registered Provider Organization (RPO) to increase your chances of success. An RPO can help you navigate complex cybersecurity controls and ensure compliance. 

Teal is proud to be one of the first companies chosen as a CMMC RPO. Our mission is to help you safeguard sensitive information and protect our warfighters. With our extensive compliance experience, we have successfully guided defense prime and subcontractors through the complexities of DFARS, NIST 800-171, and CMMC. 

By partnering with our compliance experts, your organization can rest assured that you will save valuable time and money. We will work closely with you to ensure that you are fully prepared for CMMC assessments. 

Contact us for a consultation today to get ahead of your competitors. 

Latest Teal News

Subscribe to Our Newsletter

Join Teal Exclusive now to be notified of the latest news, tech tips, and more.

Recent Articles
Categories
Don’t Stop Here

More To Explore

IT Consulting

Guide to IT Consulting Services for Small Businesses

IT consulting bridges the gap between your current capabilities and future goals – helping you navigate unique business challenges. However, many small businesses overlook this resource because they assume it’s

Reducing IT Costs Without Compromising Cybersecurity

Robust cybersecurity can be affordable, but it requires reducing IT costs the right way. And it also depends on how you define “robust” and “inexpensive.”   If you mean cybersecurity measures