After much anticipation, the proposed new standard for the defense industrial base's overall cyber posture is available for download now.
UPDATE: The Cybersecurity Maturity Model Certification's proposed rule will officially be published on Tuesday, but the waiting is over because an unpublished PDF version of the rule is available for download.
Click here to download all 234 pages of the proposed rule, which will reshape how the defense industrial base is responsible for protecting government information on its networks.
A supplementary guidance document is published as well. Download that here.
The rule is listed as proposed, which is important because there was some speculation that it could have been published as a interim rule.
If this were an interim rule, the timeline to become a final rule would have been shorter. CMMC will likely be final by the end of 2024 and start to appear in contracts in 2025.
The proposed rule was expected in mid-November given that the White House's Office of Information and Regulatory Affairs completed its review on Nov. 17. It’s been a waiting game ever since.
As I reported earlier, the proposed rule went back to the Defense Department for a final review before its release on Friday (today).
When the proposed rule is officially published in the Federal Register on Tuesday, we expect several supporting documents to be published by OIRA. That documentation has been sitting on OIRA's dashboard since Nov. 17.
The titles of the guidance materials are available, but not the materials themselves. They include an overview of CMMC, as well as scoping and assessments guides for each level of certification.
Companies will have a lot to digest from the rule.
The comment period will be 60 days, so use that time and make substantive comments and suggestions. Don't just complain, as many informed observers have told us.
On our events page, you can find the on-demand sessions from our Nov. 8 CMMC Ecosystem Summit that we produced with the CyberAB.
We will of course have more coverage as we digest the rule ourselves.