Skip to main content
January 16, 2024

Ep. 3.01: Breaking Down the CMMC Proposed Rule

At the end of December, the Department of Defense published its proposed rule implementing the Cybersecurity Maturity Model Certification. This long-anticipated issuance answered many — but not all — of the questions about how the department will implement the program. In this episode of Bona Fide Needs, Arnold and Porter's Ronald Lee and Tom Pettit discuss the proposed rule and address some of those questions contractors may be asking:

  • What should contractors focus on immediately?
  • What did the rule resolve and what was left uncertain?
  • How should subcontractors approach the proposed rule?
  • Can a contractor (or DIDBCAP for Level 3) ever affirm compliance if the contractor IT system is not in full compliance?
  • How can a contractor lose a self-certification or certification assessment?

Read the related Arnold & Porter Advisory: Department of Defense Issues CMMC 2.0 Proposed Rule