The Department of Defense issued an interim rule implementing Cybersecurity Maturity Model Certificate (CMMC) cyber rules for all DoD contractors. The interim rule will take effect on November 30, 2020, and all comments must be submitted by that date.
The interim rule amends the Defense Federal Acquisition Regulation Supplement (DFARS) to achieve phased implementation of both the newly required assessment methodology and the CMMC framework. The National Institutes of Standards and Technology (NIST) Special Publication (SP) 800-171 DoD Assessment Methodology is a standard approach to assess contractor implementation of the cybersecurity requirements in NIST SP 800-171. The CMMC framework is a DoD certification process that measures a company’s further implementation of cybersecurity processes and practices beyond NIST SP 800-171.
Learn more here.