On November 4, 2021, the Department of Defense (DoD) announced a massive overhaul of the Cybersecurity Maturity Model Certification (CMMC 1.0) program. The new framework, dubbed CMMC 2.0, is still being finalized and not yet publicly available, raising a lot of questions for many Defense Industrial Base (DIB) contractors and subcontractors about how they’ll need to adjust.
The Department of Defense’s (DoD) announcement of revamping their Cybersecurity Maturity Model Certification (CMMC) program has left many contractors trying to understand how the update will affect their compliance needs and audit requirements. To offer clarity and guidance on the new framework, we put together a list of the top five questions companies have been asking about CMMC 2.0.
On November 4, 2021, the Department of Defense (DoD) announced several changes to the Cybersecurity Maturity Model Certification (CMMC) program, now referred to as CMMC 1.0. CMMC 2.0, the updated version of the framework, is a culmination of the DoD’s months-long internal review of CMMC 1.0’s implementation and significant changes to the program’s strategic direction.
In 2021, the US Department of Defense (DoD) updated the Cybersecurity Maturity Model Certification (CMMC) framework. The revamp makes the CMMC system more streamlined and flexible to allow defense contractors and their suppliers to comply with the DoD’s cybersecurity standards.
Last week, the U.S. Department of Defense came out with updates to CMMC the framework. The aim of the updates, labeled "CMMC 2.0", is to provide strategic direction following an internal program assessment by the Department leaders. The revision still maintains the compliance's goal of safeguarding sensitive information, while simplifying the standards it follows.