The DoD, the U.S. Department of Justice, has said clearly that it may take around 24 months for the government to support its CMMC program. As a result, the last CMMC announcement was in 2021.
The department said the proposals, as part of the announcement late in 2021, will be reviewed at the earliest. However, officially that will be a long timeline.
The CMMC rule making is a long process that will occur in two phases. The title 32 CFR rule making for CMMC 2.0 will come first. Further, title 48 CFR rule making will come after that to support CMMC 2.0 contract requirements through the DFARS.
“The DoD continues to anticipate sending the draft 32 CFR rule to OMB in the very near term. However, as DoD has previously stated, the rule making process may take up to 24 months to complete. Therefore, the accurate timeline for implementing contractor compliance with CMMC requirements has been and remains FY25,” says a DoD spokesperson.
There are five stages of cyber maturity, according to the CMMC. Each level of the CMMC is built to support various levels of process maturity, security domains, practice levels, and multiple levels of cybersecurity maturity.
The Cybersecurity Maturity Model Certification (CMMC) framework was made public by the U.S. Department of Defense (DoD) in January 2020. Based on feedback from the general public and internal evaluations, the CMMC framework has undergone substantial adjustments since that time.