Page 144 - Cyber Defense eMagazine September 2023
P. 144
Moreover, in the face of the upcoming new requirements, there's concern over the time and costs
associated with maintaining compliance. Companies find themselves in a tight spot, balancing the need
to safeguard prime contracts while also managing the financial strain of adhering to the new
requirements.
This situation, combined with the uncertainty surrounding the future, could potentially compromise
national security. The risk of slowing down the certification process might disrupt the nation's supply
chain, leaving it vulnerable to cybersecurity threats.
A Glimmer of Hope Amidst Uncertainty
Despite the prevailing uncertainties, recent developments offer a glimmer of hope. The submission of the
proposed CMMC framework to the Office of Management and Budget (OMB) for review is one such silver
lining. This step officially kick-starts the final rulemaking process, a crucial milestone indicating progress
is being made towards defining and implementing CMMC 2.0.
However, the sense of anticipation that comes with this development is tempered by the fact that the
review process can take up to 90 days or longer. And despite the final rule's submission, the final shape
it will take remains uncertain, keeping the industry on tenterhooks.
The Waiting Game and Potential Outcomes
Even with this step towards finalizing the CMMC rules, a substantial degree of uncertainty lingers. The
review period could go on for months, and the final outcome remains in the realm of the unknown.
However, the fact that a consensus on a final rule has been reached and that the framework has been
submitted for review suggests that the formal introduction of the latest version of CMMC is on the horizon.
The next steps could see the rule published in the Federal Register under one of two classifications. If
published as a proposed rule, it could take a significant amount of time to get to the finish line, potentially
taking the better part of a year. However, if the office agrees to publish CMMC as an interim final rule,
the rule could take effect over the following 60 days, allowing the CMMC to hit DoD contracts soon after.
Implications for the Future: An Urgent Need for Clarity
Despite these advancements, the intricate details of the program remain a mystery, casting a long
shadow of uncertainty over contractors who handle the Pentagon’s sensitive information. As the industry
navigates this ever-evolving landscape of cybersecurity, the ongoing discussion surrounding CMMC 2.0
underscores the critical need for clear, consistent guidelines.
Given the gravity of the situation, there is an urgency for all parties involved – from contractors and
auditors to the DoD – to unite in their efforts. By working together, they can navigate these uncertainties,
overcome the hurdles, and ensure the integrity of national security. The future success of CMMC 2.0,
Cyber Defense eMagazine – September 2023 Edition 144
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.