A Deep Dive into CMMC Rule-Making

In 2019, the DoD developed the Cybersecurity Maturity Model Certification (CMMC) to help organizations in the Defense Industrial Base (DIB) certify cyber readiness. Since the inception of this initiative, there has been a lot of confusion and misinformation around rule-making, deadlines, and more. Here is a closer look at rule-making and how it pertains to CMMC.

The CMMC rule-making process involves various steps to define the requirements, procedures, and expectations for organizations seeking certification. These steps typically include:

  1. Drafting: The DoD, in collaboration with industry experts and stakeholders, develops initial drafts of the rules and regulations that will govern CMMC implementation. This may involve consultations, public input, and feedback from relevant parties.
  2. Public Comment: The draft rules are made available for public review and comment. This allows individuals and organizations to provide feedback, suggestions, and concerns regarding the proposed regulations.
  3. Revision: Based on the feedback received during the public comment period, the DoD revises and refines the rules to address any identified issues, improve clarity, and incorporate relevant suggestions.
  4. Finalization: Once the revisions are complete, the DoD finalizes the CMMC rules, considering the feedback received and aligning them with the objectives and requirements of the CMMC framework.
  5. Publication: The finalized rules are officially published, typically in the Federal Register, which is the official journal of the federal government of the United States. This publication makes the rules legally binding and serves as the official reference for organizations seeking CMMC certification.
  6. Implementation and Enforcement: Following the publication of the rules, the DoD and authorized third-party organizations begin implementing and enforcing the CMMC requirements. This includes conducting assessments, granting certifications, and ensuring compliance with the established cybersecurity standards.

It’s important to note that the specific details of the CMMC rule-making process may vary over time, and it is always advisable to refer to the official sources and documentation provided by the DoD for the most up-to-date and accurate information on CMMC regulations.

Next week we’ll take a look at the difference between Title 48 and Title 32. For more information about CMMC, visit http://tegodata.com/cmmc or contact us today to schedule a call.

About the author
Jennifer Vosburgh is a seasoned Marketing and Communications professional. With over 15 years of experience, she has a strong background in Marketing, Communications, and Event Management. As Vice President of Tego Data Systems in Raleigh, NC, Jennifer is responsible for delivering full-scale Marketing Campaigns across all platforms including website, email, social media, events, and more.
