A final rule on the Defense Department’s unified cybersecurity standard could debut as soon as this summer, defense officials said. But implementation hinges on standing up a formal training system.
Diane Knight, who is DOD’s lead for the Cybersecurity Maturity Model Certification program’s pathfinders and pilots, said a final rule could roll out as soon as April but wouldn’t confirm a concrete timeline.
“There will be a final rule and we have that identified on schedule coming up here too,” Knight said Jan. 26 during a virtual town hall hosted by the CMMC Accreditation Body (AB).
Knight also previewed a “notional” timeline for the pilots where requests for proposals would be released in April and awards coming in August. By April contractors seeking to participate in the pilots would be expected to have prepared for a CMMC assessment, reviewed requirements with subcontractors and to request an authorized third-party assessors (C3PAOs) assessment. Proposals would be due by July, according to the documents, and a certification would be needed when the contract is awarded.
Continue reading at: FCW