What You Should Know About CMMC 2.0

The Cybersecurity Maturity Model Certification (CMMC) is a cybersecurity framework that was developed by the Department of Defense (DoD). The CMMC 2.0 is the latest version of the CMMC, and it includes new requirements for contractors who want to do business with the DoD.

Here are some things you should know about CMMC 2.0:

  • It includes new requirements for contractors who want to do business with the DoD.
  • It is more prescriptive than the previous version, and it includes specific guidance on how to implement cybersecurity controls.
  • It is not mandatory for all contractors, but the DoD may require contractors to be certified under the CMMC in order to bid on certain contracts.
  • It will be phased in over time, and the DoD has not yet released a timeline for when contractors will need to be certified.
  • It is a voluntary certification program, and there is no cost to participate in the program.
  • It is administered by the CMMC Accreditation Body (CMMC-AB), which is a nonprofit organization that was created by the DoD.
  • It includes five levels of maturity, and each level has different requirements.
  • It is not compatible with other cybersecurity frameworks, such as the NIST Cybersecurity Framework.

CMMC 2.0 Certification

The CMMC 2.0 is a voluntary certification program, and there is no cost to participate in the program. However, the DoD may require contractors to be certified under the CMMC in order to bid on certain contracts.

The CMMC-AB will offer training and resources on how to implement the CMMC 2.0. In addition, there are a number of private sector companies that offer CMMC consulting services.

The CMMC 2.0 includes five levels of maturity, and each level has different requirements. Contractors will need to assess their own cybersecurity risks and determine which level they need to be certified at.

The CMMC 2.0 is not compatible with other cybersecurity frameworks, such as the NIST Cybersecurity Framework. However, the CMMC-AB is working on a mapping of the CMMC to the NIST Cybersecurity Framework, which will be released at a later date.

Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

More To Explore