What is the CMMC Interim Rule?
Are you a DoD prime or subcontractor? If yes, then the answer to this question is an important one, if not slightly complex. This Interim Rule took effect on November 30, 2020, so the sooner you understand how it affects your existing as well as new contracts, the better. There is a lot to digest within the requirements—all 110 of them—but we will simplify some of the basics to bring you up to speed.
The Defense Acquisitions Regulation System released a new Interim Rule implementing its Cybersecurity Maturity Model Certification (CMMC) program to supplement the existing DFARS regulations. The new mandate affects CMMC cyber rules for all DoD contractors with systems that process, store, or transmit CUI.
This Interim Rule was necessary to provide immediate improvements to DoD contractor security in the current DFARS requirement while the implementation of the CMMC program is still in development. The CMMC program is expected to be a phased rollout over the next five years.
The new Interim Rule has some updated requirements including performing NIST SP 800-171 Self-Assessments, complete a System Security Plan (SSP) with a Plan of Action and Milestones (POAM), and upload information into the Supplier Performance Risk System (SPRS).
Let SME help you navigate the complexities of the new CMMC Interim Rule. We will start with getting a handle on where your company currently stands and address your cybersecurity compliance gaps so you do not miss out on contract awards. Give us a call 703-378-4110 or email firstname.lastname@example.org.