DOD Proposes Revised Cybersecurity Maturity Model Certification Program

On December 26, 2023, the U.S. Department of Defense (DOD) published a proposed rule for the Cybersecurity Maturity Model Certification (CMMC) program. This program is designed to ensure defense contractors and subcontractors engage in appropriate handling of federal contract information and unclassified information so that it is not stolen in a cyber attack.

This proposed rule revises the DOD’s previous rule, published on September 29, 2020. Key changes made include:

  • Self-assessment for certain requirements, designed to simplify compliance.
  • Priorities that protect DOD information.
  • Reinforced cooperation between the DOD and private industry to address cyber threats.

Advocacy encourages small businesses who may be impacted by the new CMMC to comment during the public comment period, which ends February 26, 2024. Read the regulation and submit comments via

Inquiries should be sent to Major Clark at