On January 31, 2020, the Department of Defense (“DoD”) publicly released Version 1.0 of the Cybersecurity Maturity Model Certification (“CMMC”) framework. The CMMC is a certification framework developed by DoD that measures a defense contractor’s ability to safeguard Federal Contract Information (“FCI”) and Controlled Unclassified Information (“CUI”) handled in the performance of DoD contracts. By FY 2026, CMMC certification will be a requirement for any company doing business with DoD, either as a prime contractor or lower-tier subcontractor. Version 1.0 of the CMMC fills in several gaps from the earlier drafts, which we assess in prior articles. Additionally, the public briefing that accompanied the release of Version 1.0 included new insights into DoD’s rollout of the CMMC framework. This alert walks through the CMMC framework, highlights updates from prior drafts, summarizes DoD’s proposed rollout, and provides considerations for companies during CMMC implementation.
Continue reading at: K&L Gates