The rulemaking process in CMMC is the procedure that the Department of Defense (DoD) follows to implement the Cybersecurity Maturity Model Certification (CMMC) program as a regulation. The rulemaking process involves several steps, such as:
• Drafting the proposed rule that defines the CMMC requirements, levels, and assessment processes for the contractors of the DoD.
• Submitting the proposed rule to the Office of Information and Regulatory Affairs (OIRA) for review and approval.
• Publishing the proposed rule in the Federal Register for public comment and feedback.
• Analyzing and responding to public comments and making any necessary changes to the rule.
• Publishing the final rule in the Federal Register and announcing the effective date of the rule.
• Implementing and enforcing the rule through contracts and audits.
The rulemaking process can take 9 to 24 months to complete, depending on the complexity and scope of the rule.
The CMMC rulemaking process started in November 2021 and is expected to be completed by Q1 2025.
The rulemaking process in CMMC is the procedure that the Department of Defense (DoD) follows to implement the Cybersecurity Maturity Model Certification (CMMC) program as a regulation. The rulemaking process involves several steps, such as:
• Drafting the proposed rule that defines the CMMC requirements, levels, and assessment processes for the contractors of the DoD. • Submitting the proposed rule to the Office of Information and Regulatory Affairs (OIRA) for review and approval. • Publishing the proposed rule in the Federal Register for public comment and feedback. • Analyzing and responding to public comments and making any necessary changes to the rule. • Publishing the final rule in the Federal Register and announcing the effective date of the rule. • Implementing and enforcing the rule through contracts and audits.
The rulemaking process can take 9 to 24 months to complete, depending on the complexity and scope of the rule.
The CMMC rulemaking process started in November 2021 and is expected to be completed by Q1 2025.