DOD Submits New CMMC Rule to OMB for Enhanced Cybersecurity in Defense Industry

Aug 18, 2023 | Blog, CMMC, Data Protection, Department of Defense, DOD, News

In an increasingly interconnected world, where digital systems play a pivotal role in various sectors, cybersecurity has emerged as a critical concern. Among the sectors most vulnerable to cyber threats is the defense industry, which handles sensitive information and technologies crucial for national security. To address this concern, the DOD has taken a significant step by submitting the new CMMC rule to the Office of Management and Budget (OMB). This move aims to bolster cybersecurity across the defense supply chain and safeguard national interests against evolving cyber threats.

The OMB’s review and approval process will involve a careful evaluation of the CMMC rule’s impact, benefits, and potential challenges.

To this date, fewer than 30% have implemented NIST 800-171.

The DoD’s Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) reported in May 2023 that fewer than 30% had seriously worked on their implementation. The remaining +70% of federal contractors that derive significant revenue from DoD contract work should be concerned now of the timeline to comply. It can take between 12-18 months to fully implement NIST 800-171, the baseline to protecting CUI and to meeting the DFARS 7012 requirement.

Benefits to Companies Working Towards Compliance

CMMC was designed to show compliance with DFARS 7012. The benefits and implications for the defense industry and national security are critical to protecting the nation, as well as providing benefits to companies that comply early with the regulation.

  1. Enhanced Cybersecurity Posture: By mandating higher levels of cybersecurity across the defense supply chain, the DOD significantly reduces the risk of cyber breaches and intellectual property theft, thereby protecting sensitive national security information.
  2. Competitive Advantage: Companies that achieve higher CMMC levels gain a competitive edge in the defense contracting arena. Their cybersecurity credentials can serve as a differentiator, making them more attractive to the DOD and prime contractors.
  3. Supply Chain Security: As cybersecurity standards are extended throughout the supply chain, the overall resilience of the defense industrial base improves, mitigating potential weak points that adversaries could exploit.

The DOD’s submission of the new CMMC rule to the Office of Management and Budget marks a pivotal moment in the ongoing efforts to bolster cybersecurity across the defense industry.

With cyber threats evolving rapidly, the defense industrial base must adapt and fortify its cybersecurity posture to safeguard national security interests. As the OMB reviews and considers the new rule, the defense industry, government agencies, and cybersecurity experts will wait to see the impact this initiative will have on their organization and on national security.

If you’re among the 70% of companies that have yet to implement NIST 800-171, contact us now to get this process started. As I mentioned above, it can take 12-18 months to meet all the requirements. You don’t want to lose existing contracts or new opportunities because you’re not compliant (but your competitors are).

Subscribe to Our Monthly Newsletter

Free education for cybersecurity.


Your personal information will not be shared and you are able to unsubscribe at any time.