July 25, 2023

CMMC Enters OIRA Review: What does this mean for you?

As the cybersecurity landscape continues to evolve, the U.S. Department of Defense (DOD) is taking decisive action to safeguard sensitive information within its defense industrial base. The Cybersecurity Maturity Model Certification (CMMC) program, which aims to enhance data security controls for defense contractors, is now entering a new stage of development. Phalanx, a trusted partner in data security, is committed to assisting defense contractors in navigating the CMMC certification process seamlessly. Let’s explore the latest developments regarding CMMC implementation and how Phalanx can help your organization achieve compliance and strengthen its cybersecurity posture.

New Developments: OIRA Review Process

Recently, the Pentagon took a significant step towards finalizing the CMMC program by submitting the rulemaking for its implementation to the Office of Information and Regulatory Affairs (OIRA), part of the White House Office of Management and Budget. This submission is a crucial milestone in the process of amending Title 32 of the Code of Federal Regulations to accommodate the CMMC requirements.

The rulemaking will be issued as a proposed rule, initiating a 60-day public comment period. During this period, stakeholders and the public will have the opportunity to provide feedback on the proposed CMMC rule, ensuring that diverse perspectives are considered in shaping the final framework.

What does this mean for you and your defense contracting business? Based on OIRA's timelines, CMMC could be through its process roughly by the end of October 2023. While that can come up quickly, Phalanx can help you get ahead so that being compliant isn't a pain.

Understanding OIRA's Role in the Process

OIRA, established under the 1980 Paperwork Reduction Act, is part of the Office of Management and Budget (OMB) within the Executive Office of the President. OIRA plays a vital role in reviewing draft proposed and final rules under Executive Order 12866, ensuring regulatory compliance and alignment with the President's policies and priorities.

The OIRA review process, limited to 90 days, seeks to promote interagency coordination, consistency, and the consideration of consequences (both benefits and costs) before proceeding with regulatory actions. During the review, OIRA may send a letter to the agency returning the rule for further consideration if certain aspects are inadequate or not in line with regulatory principles and priorities.

Phalanx's Commitment to Assisting with CMMC Compliance

At Phalanx, we recognize the importance of staying abreast of the evolving CMMC implementation process. Our expert team is closely monitoring the updates and developments to ensure that we provide the most up-to-date guidance to our customers. Phalanx MUZE satisfies 42 CMMC controls, and more controls are coming soon.


As the CMMC certification program enters a new stage of development with the submission of the rulemaking for review at OIRA, defense contractors must remain vigilant and prepared for upcoming changes. Achieving CMMC compliance will not only strengthen your organization's cybersecurity posture but also solidify your standing as a trusted partner within the defense industrial base.

Phalanx is dedicated to guiding organizations through the complexities of the CMMC certification process. We are ready to help you adapt to the evolving landscape, enhance your data security controls, and maintain compliance with the latest requirements.

Contact Phalanx today to get a demo and start your organization's journey towards enhanced cybersecurity and CMMC compliance. Together, we can build a secure future for your organization and contribute to the protection of sensitive information within the nation's defense industrial base.
