The Pentagon issued an interim rule under the Defense Federal Acquisition Regulations on Sept. 29 to add more clarity around the implementation timeline and around the requirements contractors will have to adhere to over the next five years under the Cybersecurity Maturity Model Certification (CMMC) program.