Today we had two big events in #CMMC and US Federal Contractor Cybersecurity.
The Rule for CMMC moved to the Office of Management and Budget. That means a timer has started, 90 days or less, for the review to complete. Expect the text to be published by mid-October. There is still a possibility that it will come out as as an Interim Final Rule, which means it goes into new contracts 60 days later. But the majority opinion seems to be that it will be a Proposed Final Rule which would go into contracts about 8-12 months later, mid 2024?
National Institute of Standards and Technology (NIST) Ron Ross and Victoria Yan Pillitteri have published the comments on draft 800-171 Rev. 3. In particular, we have very interesting comments from the Department of Defense, Office of the Chief Information Officer (DOD CIO), and Carnegie Mellon, as well as a few thought provoking comments from other orgs.
I’ve put together a quick document with noteworthy screenshots and links for both topics. Enjoy!
Join the conversation on LinkedIn here!