Department of Defense Contracts: Preparing for Cybersecurity Requirements

UPDATE: 12.22.2021

In November 2021, the Department of Defense (DoD) announced changes to their Cybersecurity Maturity Model Certification (CMMC) and a new CMMC 2.0 that will be implemented via the rulemaking process. While this process is underway the DoD has suspended all CMMC pilots and will not include CMMC requirements into any DoD solicitations.

Review more information about the DoD’s new CMMC 2.0.

When will Cybersecurity Maturity Model Certification be Required?

The Department of Defense (DoD) announced changes to their Cybersecurity Maturity Model Certification (CMMC) and a new CMMC 2.0 that will be implemented via the rulemaking process. Rulemaking can take anywhere from 9-24 months.

Once CMMC 2.0 is implemented, CMMC will be required for DoD contracts.

How do I know if CMMC is required?

While the DoD simplified CMMC from 5 levels down to 3 with CMMC 2.0, contractors will still be required to follow the new model. We urge researchers who are funded by the DoD to become familiar with the CMMC 2.0 requirements.