After years of anticipation and delays, the Department of Defense (DoD) has finally published a proposed rule for the Cybersecurity Maturity Model Certification (CMMC) 2.0. This long-awaited proposed rule outlines the DoD’s plan to implement CMMC requirements over the next few years. Now, the final rule isn’t here yet—comments on the proposed rule are due on February 24, 2024, and the final rule is anticipated in the fall of 2024. However, we finally have some tangible guidance to consume, 234 pages to be exact.

In recent years, small businesses have seen increased opportunities in government acquisitions, particularly in the areas of cloud and software services. However, while overall participation has grown, the number of small businesses acting as prime contractors in the Federal IT marketplace has been diminishing. The Office of Management and Business (OMB) has responded by launching a plan to allocate over $100 billion in spending to Small Disadvantaged Businesses (SDBs) in the coming years.

The General Services Administration (GSA) has recently made updates to the Multiple Awards Schedule (MAS) Solicitation. MAS Solicitation Refreshes #18 and #19 consist of several significant changes, such as adjustments to minimum sales requirement, updated language, and implementation of Federal Acquisition Supply Chain Security Act (FASCSA) Orders.

As a government contractor, it’s important to know which sources to turn to when it comes to government requirements and regulations. One rulebook of compliance, especially for contractors in the Defense Industrial Base (DIB) is the Defense Federal Acquisition Regulation Supplement (DFARS), a set of regulations that any contractor doing business with the Department of Defense (DoD) must understand and adhere to. For contractors with GSA Multiple Award Schedule (MAS) contracts who often have the opportunity to expand their business into the DoD sector, comprehending DFARS is not just an advantage—it’s necessity.

The day might finally be here—the Department of Defense (DoD) plans to publish a rule to start implementing Cybersecurity Maturity Model Certification (CMMC). After the DoD reshaped the CMMC program to better fit small businesses 2 years ago, industry and contractors alike have been anxiously awaiting a final rule to formally implement CMMC.

This week, Congress passed its $874.2 billion defense policy bill, better known as the National Defense Authorization Act (NDAA). This highly anticipated bill sets the funding and policy agenda for the Department of Defense (DoD) for Fiscal Year (FY) 2024. The DoD is currently operating under a stopgap funding bill, barring the agency from starting most new initiatives or moving forward with many acquisitions, so once signed by President Biden, this bill will enact a series of significant changes within the DoD.