Three CMMC acquisition rules to become permanent

“Three Defense Federal Acquisition Regulation Supplements (DFARS) related to the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) are set to become permanent rules shortly, Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, said April 15.

At Amazon Web Services’ (AWS) virtual Public Sector Summit, Arrington said DFARS Provision 252.204.7019, DFARS Clause 252.204.7020, and DFARS Clause 252.204.7021 will all become permanent shortly. The first two relate to DoD assessment requirements, while the latter is tied to CMMC requirements…”

“Arrington said these rules are all crucial to the ‘crawl, walk, run’ rollout DoD is shooting for with CMMC implementation.

‘The crawl, taking the self-assessments, and recording the walk, having the department come in and say, let’s look at what you’re doing and make sure you’re on the right path, which leads to the run, which is the deeper,’ Arrington said.

That ‘run’, as Arrington called it, is the DFARS Clause 7021, which is the actual implementation of the CMMC in DoD contracts. That final clause requires CMMC to be included in all contracts starting October 1, 2025.

‘So, think about that. 300,000 companies need to get CMMC certified in the next five years,’ Arrington said. ‘That’s a pretty heavy lift. When we started this program … we thought carefully about this, and making cybersecurity foundational to acquisition wasn’t something that we just thought, “Let’s do it one time.” It has to be an enduring capability.’…” Read the full article here.

Source: Three DoD CMMC Acquisition Rules Set to Become Permanent Shortly – By Lamar Johnson, April 15, 2021. MeriTalk.


Tagged: , ,

This topic contains 0 replies, has 1 voice, and was last updated by  Jackie Gilbert 4 weeks ago.

  • Author
  • #124724

    Replies viewable by members only


You must be logged in to reply to this topic.


Questions?. Send us an email and we'll get back to you, asap.


©2021 MileMarker10, LLC all rights reserved | Community and Member Guidelines | Privacy Policy | About G2Xchange FedCiv

Opportunities. Starting Points.

About our Data

The Vault is a listing of expiring contracts, task orders, etc. within a certain set of parameters, to include:

  • Have an initial total estimated contract value of $10 million or above
  • Federal Civilian Only – DHS, Transportation, Justice, Labor, Interior, Commerce, Energy, State, and Treasury Actions
  • NAICS codes include: 511210, 518210, 519130, 519190, 541511,
    541513, 541519, 541611, 541618,
    541690, 541720, 541990
  • Were modified within the last 12 calendar months
  • The data represented is based on information provided by the government

Who has access? Please note that ALL G2Xchange FedCiv Members will receive access to all basic and much of the advanced data. G2Xchange FedCiv Corporate Members will receive access to ALL Vault content (basic and advanced).

Feedback/Suggestions? Contact us at and let us know what you think. 

G2Xchange FedCiv

Log in with your credentials for G2Xchange FedCiv

Forgot your details?