After a Senate vote on Sunday evening, Congress appears closer to ending the record-setting government shutdown. The Senate advanced a funding package that includes appropriations for military construction and calls for the reinstatement of all furloughed federal employees.

The potential return to normal government operations coincides with today’s official implementation of the Department of Defense’s CMMC requirements, which we have discussed and analyzed in previous posts. Effective today, under DFARS provisions 252.204-7021/7025, new DoD solicitations require contractors and applicable subcontractors to complete a self-assessment and submit SPRS documentation affirming that they meet the requirements for CMMC Level 1 or Level 2 as a condition of contract award. Additional CMMC requirements are scheduled to take effect one year from now.

It is incumbent upon prime contractors, subcontractors, and suppliers to negotiate their applicable agreements to correspond with the performance expectations for each party—specifically, whether a lower-tier organization will be processing, storing, or transmitting FCI or CUI—as the CMMC program is focused on strengthening cybersecurity across the defense supply chain.