By Heather Bennett
September 23, 2023
The CMMC 2.0 submission to OIRA is moving forward, according to the OMB website. The site lists three meetings taking place on September 6th, September 8th, and September 13th. These meetings are labeled as the “Proposed Rule Stage”. This is creating a stir among the CMMC evangelicals. This is the first major step after the official submission.
On July 24, 2023, the DoD officially submitted CMMC 2.0 to the Office of Information and Regulatory Affairs (OIRA) for review. This is a major step that many in the cybersecurity sphere have been waiting for. Why is it such a big deal? What does this mean?
Let’s start with the significance of this news. CMMC has been a buzzword in the DIB and cybersecurity community for over three years at the time of writing. Three years of debate, revision, speculation, and preparation are one step closer to reality. “Under EO 12866, OIRA has up to 90 days (which can be extended) to review a rule. This review helps to promote adequate interagency review of draft proposed and final regulatory actions so that such actions are coordinated with other agencies to avoid inconsistent, incompatible, or duplicative policies.” (https://obamawhitehouse.archives.gov/omb/oira/) After 90 days, if there are no revisions, the next step is publishing the proposed rule in the Federal Register. Once the rule is registered, there will be a 60-day comment period. This puts us into 2024 before the rule goes into effect. This means that CMMC requirements could appear in contracts by early 2025.
So, why is the submission of CMMC requirements to OMB so critical? Here are several key reasons:
What does this mean for DIB contractors and C3PAOs that have been preparing for the official rule? It’s game time. There is no denying that this requirement is going to go into effect. Any DIB contractor that has been dragging their feet regarding compliance will have to step up their game. Many CMMC evangelists have been warning the community for the past three years that it’s time to get ready or get left behind.
PGS has spent the last three years learning, securing its certification, and preparing clients for the inevitable. We have developed strong CMMC service offerings, from CMMC workshops to full certification assessments. To learn more about how you can be ready for CMMC, we invite you to attend a webinar we will host on October 17, 2023. This interactive session will focus on document preparation specific to CMMC. This webinar is free and open to anyone interested in preparing for CMMC. You can sign up below.
Provincia Government Solutions, LLC is a Nashville based HUBZone certified security and risk assurance firm with advanced expertise in government regulatory and compliance cybersecurity requirements including NIST, FISMA, CMMC, SCA, 800-171, TRICARE, MARS-E and ZTA (Zero Trust Architecture) solutions. Our client base includes government agencies, contractors, and commercial organizations affiliated with government entities. Whether you are seeking audit preparedness, compliance and assurance assessments, security consulting, or CMMC certification, we have the expertise to help. Contact us at (615) 807-2822 or at firstname.lastname@example.org to discuss your security needs today. Consultations are free of charge and we look forward to speaking with you!
Provincia Government Solutions is a Nashville TN based Authorized CMMC Third-Party Assessor Organization (C3PAO) and SBA Certified small business specializing in Cybersecurity Assurance Services for government agencies, contractors, and commercial organizations affiliated with government entities.