DoD’s Interim Rule indicates that CMMC will be incorporated into contracts on a phased basis, with only 15 contracts expected to include CMMC requirements for FY 2021. On December 15, 2020 they announced that an initial round of candidate solicitations, 7 in total, have been nominated by the Navy, Air Force, and Missile Defense Agency. Those solicitations are:

  • U.S. Navy
    • Integrated Common Processor
    • F/A-18E/F Full Mod of the SBAR and Shut off Valve
    • DDG-51 Lead Yard Services / Follow Yard Services
  • U.S. Air Force
    • Mobility Air Force Tactical Data Links
    • Consolidated Broadband Global Area Network Follow-On
    • Azure Cloud Solution
  • Missile Defense Agency
    • Technical Advisory and Assistance Contract

The solicitations are being reviewed, and must still be approved, by the Office of the Undersecretary of Defense for Acquisition and Sustainment (OUSD(A&S)). Once approved, all offerors must undergo the appropriate CMMC certification, and the appropriate requirements must also be flowed down to any subcontractors.

The OUSD(A&S) CISO team is working with the Army and other defense agencies to identify additional candidate solicitations. Those will be announced later.

More details are available in the announcement below:

https://www.defense.gov/Newsroom/Releases/Release/Article/2447770/cybersecurity-maturity-model-certification-pilots-for-fiscal-year-2021/