Skip to content

Home » CMMC


By Jonathan Sanders, Director, Research, GovExec

On Monday, July 25, the Department of Defense (DoD) took a major step in its efforts to protect the United States’ defense supply chain by sending the proposed Cybersecurity Maturity Model Certification (CMMC) rule to the White House for review. The Office of Information and Regulatory Affairs at the Office of Management and Budget will now begin its review process. 

The CMMC Rule

CMMC will replace the existing self-certification process for DoD contractors. It will require them to achieve specific levels of cybersecurity maturity in order to continue doing business with the government.

Cyber AB, the nonprofit organization created to authorize and accredit third-party assessment organizations involved in conducting cybersecurity assessments for defense contractors, recently held a town hall meeting. Cyber AB CEO Matthew Travis led the meeting, which walked through the major milestone this represents to the DoD moving forward.

Travis noted the success of the Washington Technology sponsored CMMC Ecosystem Summit. In partnership with Cyber AB, the second iteration takes place November 8th. 

The proposed CMMC rule will now undergo OMB’s regulatory review. OMB has 60-90 days to complete their review of the rule, after which it will be published in the Federal Register (estimated for September or October). After posting, the rule will undergo a 60-day public comment period where the public can provide suggestions and feedback on the suggested requirements. 

One of the major obstacles is the NIST revision of the compliance standards, expected to be released in late FY 2023 or early FY 2024, which generally aligns with the Pentagon’s proposed timeline for implementation of Fall 2024. This update will include additional cybersecurity controls/requirements for contractors, which means that the bar for cyber compliance assessments will continue to rise.

What does this mean for you?

As CMMC moves one step closer to becoming law, it is imperative for your organization to keep up with the requirements and make necessary changes to cybersecurity practices to remain viable and competitive in the DoD marketplace. Keep in the know by attending Washington Technology’s CMMC Summit in partnership with Cyber AB taking place November 8th from 8am – 6pm ET. (Click here to register.)

Insights, Research, and YOUR Path to More Awards

GovExec’s Insights & Research Group (comprising Market Connections, Government Business Council, and Leading Brands) and GovTribe can keep you up to date on what is happening in this rapidly changing contract environment. 

GovTribe is a collaborative platform that lends business development teams a hand through research and tracking of contracting vehicles as well as targeted intelligence on GSA Federal Supply Schedules, GWACS, IDIQs, and other multiple award vehicles.

Combining the data, insights, and expert analysis you get at Market Connections with the ease, agility, and usability of GovTribe can help you strategically position yourself right where you want to be for future opportunities.

Questions? Please reach out to Jonathan Sanders at