Pentagon issues proposed rule to put in place CMMC requirements for acquisition purposes

The Defense Department has issued a long-awaited proposed rule to establish acquisition requirements for version 2.0 of the Pentagon’s Cybersecurity Maturity Model Certification program, with details on the implementation timeline and supply chain flow-down to subcontractors.

“The proposed changes to the existing DFARS language are primarily to: (1) add references to the CMMC 2.0 program requirements proposed at 32 CFR part 170; (2) add definitions for controlled unclassified information (CUI) and DoD unique identifier (DoD UID) to the subpart; (3)...