2024-16449. Improving Government Regulations; Unified Agenda of Federal Regulatory and Deregulatory Actions  

DEPARTMENT OF DEFENSE (DOD)

Office of the Secretary (OS)

Final Rule Stage

57. Cybersecurity Maturity Model Certification (CMMC) Program [0790-AL49]

Legal Authority:5 U.S.C. 301; Pub. L. 116-92, sec. 1648

Abstract: The Department of Defense (DoD) is l finalizing requirements o ensure defense contractors and subcontractors have, as part of the Cybersecurity Maturity Model Certification (CMMC) Program, implemented required security measures for Federal Contract Information (FCI) and add new Controlled Unclassified Information (CUI) security requirements for certain priority programs.

Timetable:

Regulatory Flexibility Analysis Required: Yes.

Agency Contact: Diane L. Knight, Senior Management and Program Analyst, Department of Defense, Office of the Secretary, 4800 Mark Center Drive, Suite 12E08, Alexandria, VA 22350, Phone: 202 770-9100, Email: diane.l.knight10.civ@mail.mil.

RIN: 0790-AL49

DEPARTMENT OF DEFENSE (DOD)

Defense Acquisition Regulations Council (DARC)

Proposed Rule Stage

58. Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041) [0750-AK81]

Legal Authority:41 U.S.C. 1303; Pub. L. 116-92, sec. 1648

Abstract: DoD is amending an interim rule to implement the CMMC framework 2.0 in order to protect against the theft of intellectual property and sensitive information from the Defense Industrial Base (DIB) sector. The CMMC framework, as defined in Title 32 of the Code of Federal Regulations (CFR), assesses compliance with applicable information security requirements. This rule provides the Department with assurances that a DIB contractor can adequately protect sensitive unclassified information at a level commensurate with the risk, accounting for information flow down to its subcontractors in a multi-tier supply chain.

Timetable: