CHAPTER 3: WHO NEEDS TO COMPLY WITH THE CMMC?

The CMMC was developed for all government contractors (herein after Organizations Seeking Certification or OSCs) that process federal contract information (FCI) and CUI. It applies to both primary contractors and subcontractors, who will have until the US 2026 fiscal year to demonstrate CMMC compliance.

The first ten Requests for Information (RFIs) that include CMMC requirements were scheduled to appear at the end of July/early August 2020. The Requests for Proposals (RFPs) will follow in early 2021 and the first contract awards are expected to follow shortly after.23 The program will eventually expand to all DoD procurement and it is expected that CMMC requirements will be in all new RFIs by 2026. ...

Get The Cybersecurity Maturity Model Certification (CMMC) – A pocket guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.