The proposed rule identified as 2024-30437, titled “Federal Acquisition Regulation: Controlled Unclassified Information,” was published in the Federal Register on January 15, 2025.
This rule aims to amend the Federal Acquisition Regulation (FAR) to implement the National Archives and Records Administration’s Controlled Unclassified Information (CUI) Program, as mandated by Executive Order 13556.
The Cybersecurity Maturity Model Certification (CMMC) is a Department of Defense (DoD) initiative designed to enhance the protection of sensitive data within the Defense Industrial Base (DIB). The CMMC framework requires defense contractors to meet specific cybersecurity practices and processes to safeguard Controlled Unclassified Information.
U.S. Department of Defense
The proposed FAR rule on CUI establishes standardized requirements for identifying, safeguarding, and disseminating CUI across federal agencies and contractors. By integrating these CUI requirements into the FAR, the rule ensures a consistent approach to handling sensitive information in federal contracts. This standardization is crucial for the effective implementation of the CMMC program, as it provides a unified framework for contractors to follow when protecting CUI.
In summary, the proposed FAR rule 2024-30437 plays a pivotal role in the overall rulemaking for CMMC compliance by establishing standardized requirements for handling Controlled Unclassified Information. This standardization supports the CMMC framework’s objective of enhancing cybersecurity within the Defense Industrial Base.
