The Department of Defense (DoD) is on track with the final step to begin integrating Cybersecurity Maturity Model Certification (CMMC) requirements into contracts, FedScoop reported Friday.
DoD is now waiting for the Office of Management and Budget (OMB)to clear a rule change to the Defense Federal Acquisition Regulations in order for it to incorporate clauses in solicitations directing the inclusion of CMMC requirements into contracts.
“We are still tracking right along for the DFARs rule change,” Katie Arrington, chief information security officer at the office of assistant secretary of defense for acquisition and a 2020 Wash100 Award winner, said at a webinar. “That has not deviated.”
The full CMMC program will be implemented over a period of five years and the Pentagon said contractors should expect to see such requirements in a few contracts by the end of 2020.