Tego has been focused on ensuring organizations are fully informed about the requirements for CMMC compliance. Earlier this year, we announced that the DoD sent the proposed rule for CMMC to OMB-OIRA and explained what that means for the deadline for CMMC compliance. We now know that the deadline for posting comment rules is November 21, and we expect a 60-day comment period.
Here are some additional essential updates about CMMC that you should be aware of:
- Supply chain risk is growing, and the DoD repeatedly emphasizes the importance of the supply chain in operations.
- The location of Controlled Unclassified Information (CUI) is a critical point in any assessment conducted. Proper account management, access control and authorization, and off-boarding procedures are necessary to protect CUI.
- Incident response training and testing is under significant scrutiny. Tabletop testing is an excellent way to test your Disaster Recovery Plan (DRP) and Incident Response Plan (IRP).
- Utilizing a Registered Practitioner Organization (RPO) is the best way to test compliance procedures and identify gaps in your security strategy.
- NIST 800-171 requirements have been revised. These requirements are used as part of CMMC compliance, and organizations should already be following them.
Tego is an RPO with several years of experience in security, audit, and compliance and maintains training in basic CMMC methodology. Completing a pre-assessment and addressing any POA&Ms is expected to take at least 6-12 months. It is highly recommended that you engage with us sooner rather than later, as we fully expect the demand for pre-assessments and consulting to increase in 2024.
Contact us today to schedule a call to learn more about our services.