CMMC Final Rule: What to Know

The Department of Defense (DoD) has released the highly anticipated second final rule for the Cybersecurity Maturity Model Certification Program (CMMC), ushering in its mandatory implementation that begins on November 10. CMMC is a unified assessment model released by the DoD in response to the growing threat of cyberattacks on and data theft from the Defense Industrial Base.  This program requires every DoD contractor that handles sensitive government data to certify compliance with certain cybersecurity controls.  CMMC brings greater scrutiny to contractors’ cybersecurity compliance and greater risks associated with compliance failures. To achieve certification, contractors must prove that their organizations can meet a myriad of security control obligations, a process that can be daunting without familiarity with the policies, procedures, and practices that will be required when the program is finalized.

Join us as we discuss CMMC in a live panel webinar featuring Privacy & Cybersecurity and Government Contracts attorneys who have been following the evolution of the DoD’s approach to contractor cybersecurity since its inception.  Our panel will include Michael Gruden, Kate Growley, Jacob Harrison, Jessica Chao, and Alexis Ward.

Topics will include:

• Overview of the final rule and new CMMC DFARS clauses
• CMMC certification and attestation requirements
• Timeline for CMMC contract requirements
• Attestation and certification enforcement risks
• CMMC supply chain management