The final program rule for the Cybersecurity Maturity Model Certification (CMMC) program was released for public inspection today and is anticipated to be published in the Federal Register, Tuesday, October 15.
Title 32 authorizes the DoD to implement the CMMC framework and its associated requirements through its various components, such as the Defense Federal Acquisition Regulation Supplement (DFARS) and other directives. The DFARS rule change to contractually implement the CMMC Program will be published in early to mid-2025. Once that rule is effective, DoD will include CMMC requirements in solicitations and contracts.
The rule publication has been anticipated for months as organizations have frequently heard about the need to comply with CMMC requirements. Tego has consistently been focused on ensuring organizations are fully informed about the requirements for CMMC compliance. As a Registered Provider Organization (RPO), Tego holds certifications up to and including Registered Practitioner Advanced (RPA) and conducts pre-assessments as part of the compliance process. Our team has several years’ experience in the security, audit, and compliance space and maintain training in the CMMC Assessment Process (CAP).
“We have encouraged OSC’s who need to comply with CMMC to not wait to begin the journey to compliance,” said Greg Manson, VP of Tego Advisory Services. “The demand for pre-assessments is going to be heavy as we move into next year.” The expected timeline for completing a pre-assessment and addressing any POA&Ms will take at least 6-12 months.
For more information on CMMC or to begin your journey, contact us today.