News and Recommendations
- The final CMMC Rule will be coming out sometime between April – July 2021
- Certified Assessor will not be available until Summer/Fall 2021. The Licensed Training Providers were just recently approved and are ramping up their training program. The first training programs are expected to be available in April 2021.
DTS RECOMMENDS: If you haven’t begun preparing for your CMMC assessment in earnest, you risk missing key deadlines for new contracts. Contractors needing a CMMC certification for a pilot program award in FY2021 will be eligible for an assessment from a Provisional Assessor with proper documentation provided to the CMMC-AB.
- DFARS Provisions 252.204-7019 & 252.204-7020 are only applicable to contractors required to implement the NIST SP 800-171 standards per DFARS Provision 252.204-7012.
DTS RECOMMENDS: Contractors should look in Section L of their contracts to see if it includes 7012. Provisions 7019 and 7020 are not retroactive on current contracts but will apply on contract options and recompetes.
- The CMMC Pilot Program (Year 1 CMMC Contracts) will include contracts from:
- Army, Navy, Air Force, Missile Defense Agency, Defense Logistics Agency
- The Office of the Undersecretary of Defense for Acquisition and Sustainment (OUSD (A&S)) is exploring opportunities to pursue CMMC pilots outside of the DoD to include: GSA, DHS, and possibly the Department of Interior
DTS RECOMMENDS: CMMC is still a DoD program but they are “welcoming participation” from other agencies. This news makes it even more of an imperative for contractors to have a long-term cybersecurity strategy in place – AND to forecast and budget for continuous upgrades and training to mature their practices. Until October 1, 2025, CMMC requirements will only be included in new acquisitions with the approval of OUSD(A&S)/OCISO(A&S).
A final tip…
When searching for Cyber Security Consultants and C3PAOs, ensure that you are selecting yours from the CMMC-AB Marketplace. There are many “poser” marketplaces out there, especially for C3PAOs, and contractor companies are not getting what they’re paying for.
View all of the latest CMMC News