DIB Rulemaking Update (Q4)

The CMMC 2.0 Final Rule is moving toward final publication. Today, October 15, 2024, Title 32 Part 170 was published by the Department of Defense. After 60 days on December 15th, it will be effective.

As of December 15th, C3PAOs will be able to officially conduct CMMC assessments and prime contractors will be able to require that their subcontractors get their CMMC third party assessments completed.

The official four phased implementation of CMMC will begin with the effective date of Title 48 Part 204 “CMMC Acquisition Final Rule” Below is a breakdown of the four phased implementation plan. The DoD at it’s discretion may delay these phases on a contract basis.

Title 48 is expected to be effective in Q1 2025.

The roll out of Title 32 will put more pressure on DIB contractors as primes will be driving suppliers to get their C3PAO assessments completed to maintain their DoD contracts. Subs who haven’t started their implementation of NIST SP 800-171r2 will be under the gun to keep their DIB contracts.

Companies that are already working on CMMC will have an advantage with prime contractors who want to reduce their risk by selecting subcontractors that already have their cybersecurity program CMMC assessed.

If you haven’t made progress on your NIST SP 800-171r2 security program, the time to start is now. These implementations will take on average 6 to 24 months.

Schedule a free 15-minute consultation with our cybersecurity experts to answer your questions about starting your NIST SP 800-171r2 implementation.

About AXIOTROP, LLC:

AXIOTROP’s mission is to make cybersecurity accessible, attainable, and sustainable for small and medium-sized businesses so they remain competitive and poised for growth. We simplify cybersecurity by working closely with businesses to right-size their program for their needs, resulting in client retention, business expansion, and reduced risk.