‹ All episodes

Cherry Bekaert: Government Contractors Guidance

CMMC Program Proposed Rule Published in the Federal Register on 12/26/23: Insights Into the Proposed Rule and When CMMC Will Be Required

January 04, 2024 Cherry Bekaert
CMMC Program Proposed Rule Published in the Federal Register on 12/26/23: Insights Into the Proposed Rule and When CMMC Will Be Required
Cherry Bekaert: Government Contractors Guidance
More Info
Cherry Bekaert: Government Contractors Guidance
CMMC Program Proposed Rule Published in the Federal Register on 12/26/23: Insights Into the Proposed Rule and When CMMC Will Be Required
Jan 04, 2024
Cherry Bekaert

On December 26, 2023, the proposed rule for the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) Program was published in the Federal Register

Listen to Eric Poppe, a Managing Director in Cherry Bekaert’s Government Contractor Industry practice and Brian Kirk, Senior Manager in the Firm’s Information Assurance & Cybersecurity practice, as they share insights into the proposed rule, including the surprises that came out and DoD’s timing for implementation.

  • Refresher on CMMC Level 1 Self-Assessment, CMMC Level 2 Self-Assessment + CMMC Third-Party Assessment Organization (C3PAO) Assessment, and CMMC Level 3 Government-Led Assessment
  • Equivalency: Cloud Service Provider (CSP) and External Service Provider (ESP)
  • Phased Implementation (DoD rollout in solicitations)
  • Final Certification vs. Conditional Certification
  • CMMC Level 3 requires a CMMC Level 2 Final Certification
  • Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) High conversion to CMMC Level 2 Final Certification for perfect scores
  • Cost Considerations

How do I prepare for CMMC certification?

If you have any questions regarding CMMC, Cherry Bekaert’s Information Assurance & Cybersecurity and Government Contracting advisors are available to discuss your situation with you. 

Cherry Bekaert is an authorized CMMC Third-Party Assessment Organization (C3PAO) by the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body, Inc. (The Cyber AB). We assist Organization’s Seeking Certification (OSCs) with CMMC readiness assessments for Levels 1, 2 and 3. Additionally, as an authorized C3PAO, Cherry Bekaert partners with the Defense Contractor Management Agency (DCMA) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) under their Joint Surveillance audit program to perform DIBCAC High (NIST 800-171) Assessments which are convertible to CMMC Level 2 Certification, if a perfect score is obtained. 

View all Government Contracting Podcasts

Apple Podcasts Spotify Amazon Music Overcast YouTube Stitcher +
Show Notes

On December 26, 2023, the proposed rule for the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) Program was published in the Federal Register

Listen to Eric Poppe, a Managing Director in Cherry Bekaert’s Government Contractor Industry practice and Brian Kirk, Senior Manager in the Firm’s Information Assurance & Cybersecurity practice, as they share insights into the proposed rule, including the surprises that came out and DoD’s timing for implementation.

  • Refresher on CMMC Level 1 Self-Assessment, CMMC Level 2 Self-Assessment + CMMC Third-Party Assessment Organization (C3PAO) Assessment, and CMMC Level 3 Government-Led Assessment
  • Equivalency: Cloud Service Provider (CSP) and External Service Provider (ESP)
  • Phased Implementation (DoD rollout in solicitations)
  • Final Certification vs. Conditional Certification
  • CMMC Level 3 requires a CMMC Level 2 Final Certification
  • Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) High conversion to CMMC Level 2 Final Certification for perfect scores
  • Cost Considerations

How do I prepare for CMMC certification?

If you have any questions regarding CMMC, Cherry Bekaert’s Information Assurance & Cybersecurity and Government Contracting advisors are available to discuss your situation with you. 

Cherry Bekaert is an authorized CMMC Third-Party Assessment Organization (C3PAO) by the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body, Inc. (The Cyber AB). We assist Organization’s Seeking Certification (OSCs) with CMMC readiness assessments for Levels 1, 2 and 3. Additionally, as an authorized C3PAO, Cherry Bekaert partners with the Defense Contractor Management Agency (DCMA) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) under their Joint Surveillance audit program to perform DIBCAC High (NIST 800-171) Assessments which are convertible to CMMC Level 2 Certification, if a perfect score is obtained. 

View all Government Contracting Podcasts