October 1, 2024 Issue 1

Town Hall News You Can Use

CMMC CyberAB Town Hall Report

At Justice IT Consulting, we attend the Cyber AB Town Halls on behalf of our clients and followers to stay on top of the latest developments in cybersecurity compliance. These town halls provide crucial updates on policies, processes, and timelines that can directly affect your business, especially if you’re navigating the CMMC or NIST 800-171 compliance landscape.

We know that compliance can be complicated and the information shared in these events can be overwhelming. That’s why we take the time to break down the key takeaways into clear, actionable insights—so you know exactly what’s happening, what you need to be aware of, and what steps to take next. Our goal is to make this information not only accessible but also immediately usable for your business. If you have any questions or need further guidance, we’re always here to help!

48 CFR Rule

What Happened:

The 48 CFR Proposed Rule, which was released in August, is currently open for public comment.

What You Need to Know:

The comment period is still open until October 15, 2024. Any changes or clarification can be submitted for review before the deadline.

What You Need to Do (Next Steps):

If your business may be impacted by this rule, review it closely and consider submitting comments. We are available to assist you in reviewing the rule and drafting necessary feedback.

32 CFR Rule

What Happened:

The 32 CFR Final Rule has successfully passed the OIRA (Office of Information and Regulatory Affairs) review. The Rule is now back with the Department of Defense (DoD) for final approval.

What You Need to Know:

Once the DoD signs off on the rule, it will be forwarded to NARA for publication in the Federal Register.The Final Rule could be released as early as October 2024, with the possibility of being active by late Q4 2024 (potentially December). This means that CMMC Assessments could officially begin by them.

What You Need to Do (Next Steps):

Start preparing for the assessment process if you haven’t already. We recommend scheduling internal reviews and verifying that your cybersecurity readiness is in order to avoid any surprises when assessments begin.

CMMC Compliance Guide Podcast

Navigating the 48 CFR Rule

Austin and Brooke Justice from Justice IT Consulting break down the critical updates and challenges associated with the new 48 CFR proposed rule for CMMC 2.0 compliance. Learn about the key differences from previous regulations, the most significant hurdles DoD contractors will face, and the vital steps you must take to ensure your business stays compliant.

Discover how the proposed rule makes CMMC 2.0 a reality, the importance of early preparation, and how subcontractors can navigate the complexities of this process. Brooke Justice, our resident compliance expert, offers practical advice on how to avoid common pitfalls, manage the overwhelming documentation requirements, and ensure your business is ready when the final rule comes into effect.

CMMC Assessment Process (CAP) V2.0

What Happened:

Version 2.0 of the CMMC Assessment Process (CAP) is being introduced, which outlines the steps that assessors will follow during assessments.

What You Need to Know:

The updated process is detailed and may be more time-consuming than earlier expectations. You’ll need to plan for this during your assessment.

What You Need to Do (Next Steps):

Ensure your internal team is aware of the updated assessment procedures. You may want to allow extra time in your assessment planning to account for the more detailed process.

Background Investigations for CCPs and CCAs

What Happened:

CMMC Certified Professionals (CCPs) and Certified Assessors (CCAs) are now required to go through a Tier 3 background investigation/suitability process to maintain certification. Previously, this was only needed for assessors participating in assessments.

What You Need to Know:

Many CCPs and CCAs may have their certifications temporarily suspended while awaiting the completion of their background investigations, which could take anywhere from 2-4 months, and in some cases, up to a year. There are no status updates provided during the process.

What You Need to Do (Next Steps):

If you’re working with CCPs or CCAs, confirm that their certifications are up to date. Make contingency plans in case any key professionals experience delays in their certification renewals due to the background investigation process.

Stay Ahead of Compliance

Staying informed about the latest developments from the Cyber AB Town Halls is crucial for keeping your business on track with cybersecurity compliance. As always, our goal is to make this process as easy and straightforward as possible for you.

If any of the updates we’ve covered raise concerns or if you’re unsure about how they apply to your business, don’t hesitate to reach out. We’re here to guide you through every step, ensuring you stay compliant and prepared for whatever comes next.

Let’s keep your business secure, compliant, and ready for the future!