On Jan. 30, 2024, ABC submitted a letter requesting a 30-day extension of the comment period on the U.S. Department of Defense’s proposed rule and guidance documents implementing the Cybersecurity Maturity Model Certification 2.0 Program.

As proposed, CMMC 2.0 would require federal contractors and subcontractors competing for DOD contracts to demonstrate continued compliance with a range of cybersecurity measures to maintain eligibility for performing and winning new federal awards.

ABC’s letter urges the DOD to provide additional time for comments beyond the current 60-day period, considering the extensive new cybersecurity requirements that were proposed by the agency.

The new requirements would apply to all contractors and subcontractors that process, store or transmit information on contractor servers that meet the standards for Federal Contract Information or Controlled Unclassified Information. Requirements vary from a self-assessment of compliance with cybersecurity measures to triennial assessment and certification of compliance by third-party contractors or the DOD, dependent on the data involved in a specific contract. More than 200,000 companies in the defense industrial base could be affected by the rule.

On Jan. 25, 2023, ABC hosted a webinar, “Cybersecurity Maturity Model Requirements for ABC Members Doing Federal Work,” with two cybersecurity experts who provided practical tips and best practices for businesses to assess their cybersecurity readiness in advance of complying with CMMC 2.0. Additional information and resources are available on ABC’s Cybersecurity Resource Guide website.

Comments on the proposed rule are due to the DOD by Feb. 26.

To inform ABC’s comments on the proposal, ABC members are encouraged to submit feedback or questions to Michael Altman at [email protected].