On November 4, 2021, the US Department of Defense (DoD) announced a massive revamp of the Cybersecurity Maturity Model Certification (CMMC 1.0) program. The new framework, dubbed CMMC 2.0, aims to eliminate red tape for small- and medium-sized businesses and strengthen cooperation between the DoD and contractors in addressing ever-evolving cyberthreats.

After months of internal study, the Department of Defense (DoD) has revealed its intention of updating the Cybersecurity Maturity Model Certification (CMMC) program. The following are the eight different strategic lines of thinking behind the DoD’s efforts to modify and expand the program.