CMMC Final Rule, 32 CFR Part 170, was released with formal publishing set for October 15, 2024.
The Cybersecurity Maturity Model Certification (CMMC) Final Rule, 32 CFR Part 170, was released for public view with formal publishing set for the 15th of October. The document makes a host of improvements to the initial proposal and clarifies many portions of it. For example, the proposed rule did not explain how to scope Virtual Desktop Infrastructure (VDI). The final rule clarifies that if the VDI client is configured properly so that it does not process, store, or transmit Federal Contract Information (FCI) and Controlled Unclassified Information (CUI), the VDI client can be considered out of scope. Additionally, the selection of requirements from NIST SP 800-172 for organizations that will need a Level 3 certification was finalized and included in the document.
You wouldn't be alone if you're just now returning to CMMC after its initial retreat from the public eye. The key differences from CMMC 1.0 to 2.0 include a few major shifts that make it easier for small businesses to achieve compliance, such as moving from five levels to a more digestible three. A Certified Third-Party Assessment Organization (C3PAO) assessment is also no longer required for Level 1 CMMC compliance, which moves instead to a self-attestation for organizations that only handle FCI.
The Department of Defense is slated to begin rolling out requirements for compliance with CMMC by the end of Q1 2025. The DoD is taking a phased approach, beginning slowly in the first year and gradually ramping up to full implementation, with all contractors certified, by the seventh year.
ProCircular has been preparing alongside the industry for this shift in compliance needs by offering CMMC Readiness assessments.
Contact our team of experts to discuss your CMMC readiness. Learn more about CMMC and assessment preparation here.
The full CMMC Final Rule can be found at https://www.federalregister.gov/public-inspection/2024-22905/cybersecurity-maturity-model-certification-program.