CMMC 2.0
The government has provided information, when you summarize the regulations, CMMC 2.0 is months away and every DOD contractor and subcontractor is required to become NIST 800-171 today. This will put the contractor/subcontractor in an excellent position, being NIST 800-171 compliant at the time CMMC 2.0 is operational.
The new CMMC 2.0 is listed below:
CMMC 2.0 Level 1 - Fundamental
CMMC 2.0 Level 2 - Advanced
CMMC 2.0 Level 3 - Expert
CMMC 2.0 Update, the changes reflected above, eliminated levels 2 and 4, and renaming the remaining three levels in CMMC 2.0 as follows:
Level 1 (Foundational) will remain the same as CMMC 1.0 Level 1;
Level 2 (Advanced) will be similar to CMMC 1.0 Level 3;
Level 3 (Expert) will be similar to CMMC 1.0 Level 5.
CMMC 2.0 tailors model and assessment requirements to the type of information being handled.
CUI is non-classified information that requires safeguarding or disseminating controls by the government. If your contract agent has not informed you, and if you are not sure your company has CUI, you can review this subject at the National Archives Controlled Unclassified Information (CUI) | National Archives.
Note: The information in this webpage reflects the Government Department’s strategic intent with respect to the CMMC program. The Department will be engaging in rulemaking and internal resourcing as part of implementation, and program details are subject to change during these processes.
Click below for more information.
Federal Register: Cybersecurity Maturity Model Certification (CMMC) 2.0 Updates and Way Forward
Cybersecurity Maturity Model Certification (CMMC) 2.0 Updates and Way Forward
Strategic Direction for Cybersecurity Maturity Model Certification (CMMC) Program