Bass, Berry and Sims attorneys Richard Arnholt and Adam Briscoe published an article titled “Department of Defense Publishes Long-Awaited CMMC Proposed Rule,” in the March 2024 edition of Cyber Defense Magazine.

In the article, Richard and Adam discuss the function of the CMMC Proposed Rule to protect sensitive information being handled by government contractors and identify individuals and organizations that will be tasked with complying with the program.

The authors go on to describe the three levels of CMMC certification, the requirements designated by each level, and contractors that fall under them. “The applicable CMMC level will be determined by DoD program managers who review the information stored and processed through a contractor’s system,” Richard and Adam explain.

They also map out what the rollout of the program will look like in the coming years and identify the consequences of noncompliance as the CMMC rule is progressively applied to government contractors.

“Given how the government has structured the CMMC program and its assessment requirements, it is almost certain that the government will consider inaccurate CMMC certifications ‘material’ for purposes of the FCA. Contractors at the CMMC Level 1 and CMMC Level 2 tiers should be especially careful to ensure they fully comply with all required security assessments,” the attorneys caution.

To view the full article, you may click here.