View Rule

View EO 12866 Meetings Printer-Friendly Version     Download RIN Data in XML

DOD/OS RIN: 0790-AL49 Publication ID: Spring 2023 
Title: Cybersecurity Maturity Model Certification (CMMC) Program 

DOD is proposing to implement the Cybersecurity Maturity Model Certification (CMMC) Framework,  to help assess a Defense Industrial Base (DIB) contractor’s compliance with and implementation of cybersecurity requirements to safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) transiting non-federal systems and mitigate the threats posed by Advanced Persistent Threats--adversaries with sophisticated levels of expertise and significant resources.

Agency: Department of Defense(DOD)  Priority: Economically Significant 
RIN Status: Previously published in the Unified Agenda Agenda Stage of Rulemaking: Proposed Rule Stage 
Major: Yes  Unfunded Mandates: Private Sector 
CFR Citation: 32 CFR 170   
Legal Authority: 5 U.S.C. 301    Pub. L. 116-92, sec. 1648   
Legal Deadline:  None
Action Date FR Cite
NPRM  09/00/2023 
Regulatory Flexibility Analysis Required: Yes  Government Levels Affected: Federal 
Small Entities Affected: Businesses  Federalism: No 
Included in the Regulatory Plan: Yes 
International Impacts: This regulatory action will be likely to have international trade and investment effects, or otherwise be of international interest.
RIN Data Printed in the FR: Yes 
Agency Contact:
Diane L. Knight
Senior Management and Program Analyst
Department of Defense
Office of the Secretary
4800 Mark Center Drive, Suite 12E08,
Alexandria, VA 22350
Phone:202 770-9100