The final rule codifying CMMC 2.0, known as the 32 CFR Programmatic Rule, has been released and will be published to the Federal Register on October 15, 2024. The rule is effective 60 days after publication.
Just a reminder that the open comment period is set to close in four days for the proposed CMMC 2.0 contracts rule appearing in 48 CFR. The finalization of this rule is necessary before full implementation of the CMMC 2.0 program.
You can read the final text for the 32 CFR Programmatic Rule by navigating to the link below.
With this final rule, DoD establishes the Cybersecurity Maturity Model
Certification (CMMC) Program in order to verify contractors have implemented required security measures necessary to safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). The mechanisms discussed in this rule will allow the Department to confirm a defense contractor or subcontractor has implemented the security requirements for a specified CMMC level and is maintaining that status (meaning level and assessment type) across the contract period of performance.