CMMC Proposed Rule Update
The Cybersecurity Maturity Model Certification (CMMC) has been in the works for several years at this point. First announced in 2019 by the Department of Defense (DoD), the CMMC model has been revised and tweaked over the years as it crawls to the ratification finish line.
What's changed for CMMC?
After regulatory approval, the Department of Defense has officially published CMMC into the federal register as a proposed rule on December 26, 2023. Published under the name 32 CFR Part 170, CMMC 2.0 will undergo a public comment period of 30-60 days where the public is given the opportunity to express their concerns or approval of the rule. This public comment period will end on February 26th, 2024.
This document is 234 pages long and contains a comprehensive description of CMMC. Being published as a "proposed rule" means that an agency is intending for this rule to "address a problem or accomplish a goal" and seeks the publics input. The feedback received from this public comment period will inform how the "final rule" is structured.
Update 10/15: The final CMMC 2.0 rule is here The Cybersecurity Maturity Model Certification has been officially published into the federal register as a final rule on October 15th. What does this mean for your organization? With this final rule, contractors must take immediate action to protect CUI and align with regulatory requirements! If your business needs guidance on navigating the complexities of CMMC 2.0, CorpInfoTech is here to help.
How Should Businesses Respond?
Businesses that fall in scope of CMMC will need to take proactive action to the upcoming rule. Organizations seeking certification (OSC) should have already taken the steps to ensure they are CMMC compliant so that when the final rule is officially implemented, they can be confident in their ability to defend CUI. With thousands of organizations within scope of CMMC and only a limited number of auditors, it could take a considerable amount of time to successfully certify your business. CorpInfoTech is committed to reaching CMMC Level 2 Compliance to improve our client services and guarantee coverage of more than 200 security controls.
CorpInfoTech's Response
Corporate Information Technologies (CorpInfoTech) has been following the progression of the CMMC rule for the past several years. As the CMMC rule reaches completion, it's important to understand the importance of becoming and remaining compliant. Through CorpInfoTech's managed services (know as ESP, External Service Provider, for CMMC Compliance), your organization can remain confident your data is protected and your organization compliant.
CorpInfoTech is committed to become CMMC level 2 (C3PAO) compliant to better serve your organization. Our audit is aligned early in the programs roll out, making us likely among the first MSPs to achieve certification.
"CorpInfoTech engages with external sources for validation to ensure our processes, procedures, and tools are valid and compliant. We have officially registered with Cyber AB as an OSC (Organization Seeking Certification) so that when the rule is finalized, we are ready." - Lawrence Cruciana, Founder and President of CorpInfoTech
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services, including security assessment, cybersecurity penetration tests, managed services (MSP), firewall management, and vulnerability management. CorpInfoTech can help organizations, quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.