Cybersecurity Requirements for Defense Contractors: CMMC Rule Inches Forward, DoD Expects Fall 2024


The Department of Defense moved one step closer to a Cybersecurity Maturity Model Certification (CMMC) final rule when it recently sent its draft rule to the White House’s Office of Information and Regulatory Affairs (OIRA). Although OIRA will have 90 days to review before either sending the rule back or sending it to the Federal Register for public comments, DoD still expects to see a final rule no earlier than Fall 2024. However, contractors have seen CMMC implementation drag out for several years and it is likely to take longer to see final implementation of the program. AGC has communicated the difficulty many contractors have had implementing these new cybersecurity requirements and the challenges that the CMMC model brings. AGC will continue to follow this issue and will update members as the development progresses.

For more information, contact or (703) 837-5368.

Contractor Type
Industry Priorities