The changes reflected in CMMC 2.0 will be implemented through the rulemaking process. Companies will be required to comply once the forthcoming rules go into effect, and it could take between 9 to 24 Months.

Key CMMC resources

  • DoD CUI Program website
    • Explains the source and importance of CUI and posts related policies, training, marking aids, as well as the CUI registry and new developments.
  • Supplier Performance Risk System (SPRS)
    • SPRS “…is the authoritative source to retrieve supplier and product PI [performance information] assessments for the DoD [Department of Defense] acquisition community to use in identifying, assessing, and monitoring unclassified performance.” (DoDI 5000.79)
  • DODI 5200.48 – Controlled Unclassified Information
    • Establishes policy, assigns responsibilities, and prescribes procedures for CUI throughout the DoD in accordance with Executive Order 13556; 32 CFR Part 2002, “Controlled Unclassified Information; “ and DFARS secs. 252.204-7008 and 252.204-7012. Also, establishes the official DoD CUI Registry.