At the moment, CMMC requirements apply exclusively to DoD contracts. However, there are indications that other federal agencies may adopt similar cybersecurity standards in the future.
Interest in adopting CMMC-like standards is growing among other federal agencies. The Aerospace Industries Association, among others, has noted the potential for CMMC’s expansion beyond the DoD. There is also a proposed FAR rule concerning the protection of CUI across all federal contractors. However, the specifics of this rule are still under development, and there is no formal implementation timeline.
Organizations proactively aligning their cybersecurity practices with CMMC standards could position themselves favorably for future compliance with federal contract requirements beyond the DoD. This article provides an overview of the CMMC program, deadlines, and the potential downstream impact for other Federal agencies that do not comply.
Tego’s Advisory Services team has the expertise to help with many compliance requirements. Contact us today to learn more about our services.