This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Blog
CMMC Title 32 Rule Becomes Official
Effective December 16th 2024, the Department of Defense has codified the Cybersecurity Maturity Model Certification (CMMC) Program in the Code of Federal Regulations (32 CFR part 170) which establishes CMMC as an official DoD program.
This is a landmark milestone for CMMC and it’s implementation as a government program.
What does this mean for Organizations Seeking Certification?
- Cyber AB will begin the process of formally authorizing eligible C3PAOs to conduct voluntary CMMC Level 2 assessments.
- The effective date for this will be Thursday, January 2nd 2025.
- Authorized C3PAO’s will not be allowed to start assessments prior to that date.
- OSCs will be able to start their voluntary assessments with their C3PAOs on the effective date.
Does this mean CMMC is now required?
No, mandatory CMMC requirements for defense contractors will not take effect until after CMMC Title 48 Final Rule is approved and becomes effective.
That being said, if you need a CMMC Level 2 assessment – the wait time will only get longer after January 2nd as C3PAOs are operating on a first-come, first-serve basis and many prime contractors are pushing their subcontractors to get assessed as soon as possible to avoid disruption in business and build a competitive advantage.
To learn more about CMMC and how it affects OSCs – watch the replay of our recent webinar on the topic or check out our CMMC Masterclass.