Skip to content

DoD Submits CMMC Rule to OMB: A Landmark Step Towards Strengthening Cybersecurity in the Defense Industry


August 7, 2023


As a leading cybersecurity consulting firm, we understand the critical role that robust cybersecurity measures play in safeguarding sensitive data and infrastructure against the ever-evolving cybersecurity landscape. In recent news, we are thrilled to witness a monumental development in the realm of cybersecurity – the Department of Defense (DoD) has taken a significant step forward by submitting the Cybersecurity Maturity Model Certification (CMMC) rule to the Office of Management and Budget (OMB). This action marks a pivotal moment in the efforts to enhance the security posture of the defense industry and beyond. In this blog, we will delve into the implications of this move and its potential impact on the Defense Industrial Base (DIB).

CMMC Overview

The CMMC is a cybersecurity framework designed by the DoD to assess, enhance, and certify the cybersecurity capabilities of contractors in the DIB. The DIB comprises organizations and companies involved in providing products and services to the DoD. Recognizing the growing risks posed by cyber adversaries, the DoD recognized the need for a comprehensive approach to ensure that the defense supply chain remains resilient against cyber threats.

The CMMC framework consists of three certification levels, each building upon the previous one, with increasing cybersecurity requirements, controls, and objectives. These levels range from basic cybersecurity hygiene to advanced practices, catering to the specific needs of individual contracts and ensuring that contractors possess the necessary cybersecurity capabilities to protect controlled unclassified information (CUI) and other sensitive data.

The Significance of Submitting the CMMC Rule to OMB

The submission of the CMMC rule to the OMB marks a significant milestone in its implementation. The OMB is a critical federal agency responsible for overseeing the regulatory process and ensuring that proposed regulations align with broader national priorities. With the CMMC rule under review, the OMB will conduct a thorough assessment to validate its effectiveness, feasibility, and potential impact on stakeholders.

When approved, the CMMC rule will become mandatory for all contractors, prime, and sub-contractors seeking to do business with the DoD. Certification of compliance with CMMC will be a prerequisite for participating in DoD contracts, making it a game-changer in the defense industry’s cybersecurity landscape. This approach signifies the DoD’s commitment to building a more secure and resilient defense supply chain.

The timeline for rule finalization by the OMB is about +6 months. Comparatively, the timeframe for defense contractor CMMC readiness is in the order of 12-18 months or more, given the comprehensiveness of CMMC.

Benefits of CMMC Implementation

The implementation of the CMMC framework brings several benefits to the defense industry and the nation’s overall cybersecurity posture:

  • Heightened Cybersecurity Posture: By enforcing a tiered approach, the CMMC ensures that defense contractors possess the appropriate level of cybersecurity maturity, reducing vulnerabilities and enhancing overall cybersecurity resilience.
  • Safeguarding Sensitive Information: With adversaries increasingly targeting the defense supply chain, the CMMC assists in safeguarding sensitive data, intellectual property, and other critical information from cyber threats.
  • Trust and Confidence: CMMC certification enhances trust and confidence between the DoD and its contractors. It assures the government that its partners are taking cybersecurity seriously, thereby reducing the risk of breaches and ensuring secure collaboration.
  • Raising Industry Standards: The CMMC framework sets a precedent for cybersecurity best practices, not only within the defense industry but also across other sectors that handle sensitive government information.
  • Spillover Effect: As CMMC practices become more widespread, they will likely influence cybersecurity practices in other industries, strengthening the overall national cybersecurity ecosystem.


The Department of Defense’s submission of the CMMC rule to the Office of Management and Budget is a commendable step towards bolstering the cybersecurity posture of the defense industrial base. The CMMC framework represents a paradigm shift in the approach to cybersecurity, emphasizing proactive measures and tailored certifications based on specific contract requirements. As the OMB reviews the rule, the anticipation for its approval grows, paving the way for a more secure, resilient, and trusted defense supply chain. At Summit, we welcome this initiative and remain dedicated to supporting organizations in achieving CMMC compliance and building a robust defense against cyber threats. Stay tuned for further updates on this significant development, and let’s work together to create a safer digital future.

Summit has deep expertise and knowledge in CMMC. We have performed assessments and shortened time- and cost-to-compliance for DoD suppliers nationwide.We can do the same for you. Need some help? Contact Us

Share This Post

Related Articles

Tech Stack Blog 707 x 400

Big changes are coming for critical infrastructure entities. The Cybersecurity and Infrastructure Security Agency (CISA)...


Credit card fraud is not just a buzzword—it’s a real threat that affects millions of...

Hands of robot and human touching virtual AI brain data creative in light bulb. Innovation futuristic science and artificial intelligence digital technology global network connection.

AI is new, it’s shiny, and does cool things. But with every new technology comes...