The U.S. Department of Defense publishes for a 60-day comment period a proposed rule for the Cybersecurity Maturity Model Certification (CMMC) program at https://www.regulations.gov/docket/DOD-2023-OS-0063.
CMMC is designed to ensure that defense contractors and subcontractors are compliant with existing information protection requirements for federal contract information (FCI) and controlled unclassified information (CUI) and are protecting that sensitive unclassified information at a level commensurate with the risk from cybersecurity threats, including advanced persistent threats.